1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

help plz (trojan horses detected in system error)

Discussion in 'Malware and Virus Removal Archive' started by Zatrokan, 2008/06/22.

  1. 2008/06/22
    Zatrokan

    Zatrokan Inactive Thread Starter

    Joined:
    2008/06/22
    Messages:
    3
    Likes Received:
    0
    well hello i just joined, so please dont be angry at me if i do not understand something. I have this error that keeps popping up whenever I try to go into "my computer" Attention (name), Some dangerous trojan horses detected in your system. I have read some other threads and it told me to get the info (below) plz tell me what to do

    Deckard's System Scanner v20071014.68
    Run by Stan on 2008-06-22 23:31:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    15: 2008-06-22 06:32:03 UTC - RP135 - Scheduled Checkpoint
    14: 2008-06-21 18:05:00 UTC - RP134 - Removed MapleStory.
    13: 2008-06-21 18:02:07 UTC - RP133 - Windows Defender Checkpoint
    12: 2008-06-21 05:50:39 UTC - RP131 - Installed MapleStory.
    11: 2008-06-20 06:01:53 UTC - RP130 - Windows Update


    -- First Restore Point --
    1: 2008-06-14 23:40:36 UTC - RP118 - Windows Update


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Stan.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:32:16 PM, on 22/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Stan\Downloads\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Stan.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\Windows\system32\dadef.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe "
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6809 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S1 prodrv03 (Star Force copy protection driver v3) - \??\c:\windows\system32\drivers\prodrv03.sys
    S3 libusb0 (LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-22 23:32:04 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 21:19:11 0 drahs---- C:\autorun.inf
    2008-06-21 14:10:49 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-21 14:10:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-21 00:19:26 13824 --a------ C:\Windows\system32\dadef.dll
    2008-06-21 00:19:10 13824 --a------ C:\Windows\system32\codef.dll
    2008-06-19 16:44:33 0 d-------- C:\Program Files\Hamachi
    2008-06-19 16:33:38 0 d-------- C:\Users\All Users\dokumenty
    2008-06-19 15:07:24 0 d-------- C:\Program Files\THQ
    2008-06-17 17:33:30 0 d-------- C:\Program Files\uTorrent
    2008-06-16 15:51:00 0 d-------- C:\Program Files\DivX
    2008-06-13 17:11:33 0 d-------- C:\Windows\LastGood
    2008-06-13 16:51:56 42496 --a------ C:\Windows\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - DLL>
    2008-06-13 16:51:56 29184 --a------ C:\Windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
    2008-06-10 23:02:37 0 d-------- C:\.jagex_cache_32
    2008-06-10 22:58:20 0 d-------- C:\Program Files\Perfect Alarm Clock
    2008-06-08 00:51:28 0 d-------- C:\msinst
    2008-06-06 00:18:11 0 d-------- C:\Program Files\Outsim
    2008-06-06 00:17:07 0 d-------- C:\Program Files\Image-Line
    2008-06-02 19:10:07 0 d-------- C:\Program Files\Opera
    2008-06-01 15:02:42 0 d-------- C:\Windows\.file_store_32
    2008-05-27 23:37:23 0 d-------- C:\Windows\.jagex_cache_32
    2008-05-25 13:01:19 0 d--h----- C:\$AVG8.VAULT$
    2008-05-25 12:21:41 0 d-------- C:\Users\All Users\InstallShield
    2008-05-25 12:18:09 0 d-------- C:\Program Files\GALA-NET
    2008-05-25 11:03:36 0 d-------- C:\Windows\system32\drivers\Avg
    2008-05-25 11:03:31 0 d-------- C:\Program Files\AVG
    2008-05-25 11:03:30 0 d-------- C:\Users\All Users\avg8
    2008-05-24 23:20:24 0 d-------- C:\Program Files\Logitech
    2008-05-23 23:47:45 0 d-------- C:\Program Files\Alwil Software
    2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-22 18:08:49 0 d-a------ C:\Users\All Users\TEMP


    -- Find3M Report ---------------------------------------------------------------

    2008-06-21 23:45:41 0 d-------- C:\Program Files\Warcraft III
    2008-06-21 23:10:24 0 d-------- C:\Program Files\Garena
    2008-06-21 14:10:52 0 d-------- C:\Users\Stan\AppData\Roaming\Malwarebytes
    2008-06-21 12:42:10 0 d-------- C:\Users\Stan\AppData\Roaming\Nexon
    2008-06-21 00:59:55 0 d-------- C:\Users\Stan\AppData\Roaming\uTorrent
    2008-06-21 00:59:47 0 d-------- C:\Users\Stan\AppData\Roaming\Hamachi
    2008-06-19 23:56:33 0 d-------- C:\Program Files\WarRock
    2008-06-18 00:08:17 0 d-------- C:\Users\Stan\AppData\Roaming\Mozilla
    2008-06-17 21:47:23 0 d-------- C:\Users\Stan\AppData\Roaming\LimeWire
    2008-06-15 23:09:47 0 d-------- C:\Users\Stan\AppData\Roaming\XLink Kai
    2008-06-11 00:14:56 0 d-------- C:\Program Files\Windows Mail
    2008-06-08 09:53:26 0 d-------- C:\Program Files\World of Warcraft
    2008-06-02 19:10:21 0 d-------- C:\Users\Stan\AppData\Roaming\Opera
    2008-05-28 08:06:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-05-25 12:18:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-25 12:18:09 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-25 11:24:49 0 d-------- C:\Program Files\Sword of The New World
    2008-05-25 11:24:03 0 d--h----- C:\Users\Stan\AppData\Roaming\ijjigame
    2008-05-23 23:35:39 0 d-------- C:\Program Files\Common Files
    2008-05-20 19:35:58 76065 --a------ C:\Windows\War3Unin.dat
    2008-05-20 19:35:41 2829 --a------ C:\Windows\War3Unin.pif
    2008-05-20 19:35:41 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
    2008-05-12 21:09:05 0 d-------- C:\Users\Stan\AppData\Roaming\InstallShield
    2008-05-12 19:26:39 0 d-------- C:\Program Files\Yahoo!
    2008-05-12 08:21:05 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-04-29 20:51:08 0 d-------- C:\Program Files\LimeWire
    2008-04-29 20:41:13 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-04-29 20:40:47 0 d-------- C:\Users\Stan\AppData\Roaming\Adobe
    2008-04-29 20:39:00 0 d-------- C:\Program Files\Microsoft.NET
    2008-04-18 15:58:05 530 --a------ C:\Windows\eReg.dat
    2008-04-16 23:29:09 29 --a------ C:\Windows\popcinfo.dat
    2008-03-29 21:28:58 4608 --a------ C:\Windows\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
    2008-03-29 21:28:58 2272 --a------ C:\Windows\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
    2008-03-29 21:28:28 0 -rahs---- C:\MSDOS.SYS
    2008-03-29 21:28:28 0 -rahs---- C:\IO.SYS
    2008-03-23 02:23:34 0 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}]
    21/06/2008 12:19 AM 13824 --a------ C:\Windows\system32\dadef.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [28/11/2007 11:55 PM]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [18/04/2007 11:01 AM]
    "KBD "= "C:\HP\KBD\KbdStub.EXE" [08/12/2006 12:16 PM]
    "OsdMaestro "= "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [15/02/2007 07:59 AM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [06/07/2007 09:45 PM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [06/07/2007 09:45 PM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [06/07/2007 09:45 PM]
    "RtHDVCpl "= "RtHDVCpl.exe" [25/10/2007 09:52 AM C:\Windows\RtHDVCpl.exe]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 07:06 AM]
    "SunJavaUpdateReg "= "C:\Windows\system32\jureg.exe" [07/04/2007 06:56 AM]
    "HP Software Update "= "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 08:24 PM]
    "@ "=" " []
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [25/05/2008 11:03 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [23/03/2008 02:01 AM]
    "WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter " []
    "HPAdvisor "= "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" []
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 02:34 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [02/11/2006 08:35 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:36 AM]

    C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [19/06/2008 4:44:33 PM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [07/05/2007 2:35:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78273e4c-e686-11dc-b3ce-806e6f6e6963}]
    AutoRun\command- E:\autoplay.exe

    *Newly Created Service* - NPKCRYPT
    *Newly Created Service* - PSSDK41

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-22 23:33:03 ------------
     
    Zatrokan,
    #1
  2. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Zatrokan :)

    Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Then, read this topic, install the latest version of Hijackthis, run a scan and save the log (you can close it for now). Then, download and run Deckard's System Scanner and post BOTH the main.txt and extra.txt logs. You may be required to put them in separate posts due to character count limitations.
     
    noahdfear,
    #2


  3. to hide this advert.

  4. 2008/06/22
    Zatrokan

    Zatrokan Inactive Thread Starter

    Joined:
    2008/06/22
    Messages:
    3
    Likes Received:
    0
    ok so ive done everything but the extra.txt didnt appear for some reason =S
    so here are the MBAM and DSS (main.txt)

    Malwarebytes' Anti-Malware 1.18
    Database version: 881

    12:06:45 AM 23/06/2008
    mbam-log-6-23-2008 (00-06-45).txt

    Scan type: Quick Scan
    Objects scanned: 34306
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Windows\System32\dadef.dll (Trojan.FakeAlert) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\dadef.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Windows\System32\codef.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.








    Deckard's System Scanner v20071014.68
    Run by Stan on 2008-06-23 00:16:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Stan.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:16:08 AM, on 23/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\system32\schtasks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\hp\kbd\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Stan\Downloads\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Stan.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe "
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6842 bytes

    -- Files created between 2008-05-23 and 2008-06-23 -----------------------------

    2008-06-22 23:32:04 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 21:19:11 0 drahs---- C:\autorun.inf
    2008-06-21 14:10:49 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-21 14:10:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 16:44:33 0 d-------- C:\Program Files\Hamachi
    2008-06-19 16:33:38 0 d-------- C:\Users\All Users\dokumenty
    2008-06-19 15:07:24 0 d-------- C:\Program Files\THQ
    2008-06-17 17:33:30 0 d-------- C:\Program Files\uTorrent
    2008-06-16 15:51:00 0 d-------- C:\Program Files\DivX
    2008-06-13 17:11:33 0 d-------- C:\Windows\LastGood.Tmp
    2008-06-13 16:51:56 42496 --a------ C:\Windows\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - DLL>
    2008-06-13 16:51:56 29184 --a------ C:\Windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
    2008-06-10 23:02:37 0 d-------- C:\.jagex_cache_32
    2008-06-10 22:58:20 0 d-------- C:\Program Files\Perfect Alarm Clock
    2008-06-08 00:51:28 0 d-------- C:\msinst
    2008-06-06 00:18:11 0 d-------- C:\Program Files\Outsim
    2008-06-06 00:17:07 0 d-------- C:\Program Files\Image-Line
    2008-06-02 19:10:07 0 d-------- C:\Program Files\Opera
    2008-06-01 15:02:42 0 d-------- C:\Windows\.file_store_32
    2008-05-27 23:37:23 0 d-------- C:\Windows\.jagex_cache_32
    2008-05-25 13:01:19 0 d--h----- C:\$AVG8.VAULT$
    2008-05-25 12:21:41 0 d-------- C:\Users\All Users\InstallShield
    2008-05-25 12:18:09 0 d-------- C:\Program Files\GALA-NET
    2008-05-25 11:03:36 0 d-------- C:\Windows\system32\drivers\Avg
    2008-05-25 11:03:31 0 d-------- C:\Program Files\AVG
    2008-05-25 11:03:30 0 d-------- C:\Users\All Users\avg8
    2008-05-24 23:20:24 0 d-------- C:\Program Files\Logitech
    2008-05-23 23:47:45 0 d-------- C:\Program Files\Alwil Software


    -- Find3M Report ---------------------------------------------------------------

    2008-06-23 00:09:24 0 d-------- C:\Users\Stan\AppData\Roaming\Hamachi
    2008-06-21 23:45:41 0 d-------- C:\Program Files\Warcraft III
    2008-06-21 23:10:24 0 d-------- C:\Program Files\Garena
    2008-06-21 14:10:52 0 d-------- C:\Users\Stan\AppData\Roaming\Malwarebytes
    2008-06-21 12:42:10 0 d-------- C:\Users\Stan\AppData\Roaming\Nexon
    2008-06-21 00:59:55 0 d-------- C:\Users\Stan\AppData\Roaming\uTorrent
    2008-06-19 23:56:33 0 d-------- C:\Program Files\WarRock
    2008-06-18 00:08:17 0 d-------- C:\Users\Stan\AppData\Roaming\Mozilla
    2008-06-17 21:47:23 0 d-------- C:\Users\Stan\AppData\Roaming\LimeWire
    2008-06-15 23:09:47 0 d-------- C:\Users\Stan\AppData\Roaming\XLink Kai
    2008-06-11 00:14:56 0 d-------- C:\Program Files\Windows Mail
    2008-06-08 09:53:26 0 d-------- C:\Program Files\World of Warcraft
    2008-06-02 19:10:21 0 d-------- C:\Users\Stan\AppData\Roaming\Opera
    2008-05-28 08:06:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-05-25 12:18:09 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-25 12:18:09 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-25 11:24:49 0 d-------- C:\Program Files\Sword of The New World
    2008-05-25 11:24:03 0 d--h----- C:\Users\Stan\AppData\Roaming\ijjigame
    2008-05-23 23:35:39 0 d-------- C:\Program Files\Common Files
    2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-20 19:35:58 76065 --a------ C:\Windows\War3Unin.dat
    2008-05-20 19:35:41 2829 --a------ C:\Windows\War3Unin.pif
    2008-05-20 19:35:41 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
    2008-05-12 21:09:05 0 d-------- C:\Users\Stan\AppData\Roaming\InstallShield
    2008-05-12 19:26:39 0 d-------- C:\Program Files\Yahoo!
    2008-05-12 08:21:05 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-04-29 20:51:08 0 d-------- C:\Program Files\LimeWire
    2008-04-29 20:41:13 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-04-29 20:40:47 0 d-------- C:\Users\Stan\AppData\Roaming\Adobe
    2008-04-29 20:39:00 0 d-------- C:\Program Files\Microsoft.NET
    2008-04-18 15:58:05 530 --a------ C:\Windows\eReg.dat
    2008-04-16 23:29:09 29 --a------ C:\Windows\popcinfo.dat
    2008-03-29 21:28:58 4608 --a------ C:\Windows\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
    2008-03-29 21:28:58 2272 --a------ C:\Windows\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
    2008-03-29 21:28:28 0 -rahs---- C:\MSDOS.SYS
    2008-03-29 21:28:28 0 -rahs---- C:\IO.SYS
    2008-03-23 02:23:34 0 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [28/11/2007 11:55 PM]
    "hpsysdrv "= "c:\hp\support\hpsysdrv.exe" [18/04/2007 11:01 AM]
    "KBD "= "C:\HP\KBD\KbdStub.EXE" [08/12/2006 12:16 PM]
    "OsdMaestro "= "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [15/02/2007 07:59 AM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [06/07/2007 09:45 PM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [06/07/2007 09:45 PM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [06/07/2007 09:45 PM]
    "RtHDVCpl "= "RtHDVCpl.exe" [25/10/2007 09:52 AM C:\Windows\RtHDVCpl.exe]
    "HP Health Check Scheduler "= "[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 07:06 AM]
    "SunJavaUpdateReg "= "C:\Windows\system32\jureg.exe" [07/04/2007 06:56 AM]
    "HP Software Update "= "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [08/05/2007 08:24 PM]
    "@ "=" " []
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [25/05/2008 11:03 AM]
    "Malwarebytes Anti-Malware Reboot "= "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [19/06/2008 05:55 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [23/03/2008 02:01 AM]
    "WindowsWelcomeCenter "= "oobefldr.dll,ShowWelcomeCenter " []
    "HPAdvisor "= "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" []
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 02:34 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [02/11/2006 08:35 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:36 AM]

    C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [19/06/2008 4:44:33 PM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [07/05/2007 2:35:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78273e4c-e686-11dc-b3ce-806e6f6e6963}]
    AutoRun\command- E:\autoplay.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-23 00:16:38 ------------
     
    Zatrokan,
    #3
  5. 2008/06/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following emtries.

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


    Close all other windows then click Fix Checked.
    Close HijackThis and restart the computer.
    Do another HijackThis scan, save the log and post it here.
     
    noahdfear,
    #4
  6. 2008/06/24
    Zatrokan

    Zatrokan Inactive Thread Starter

    Joined:
    2008/06/22
    Messages:
    3
    Likes Received:
    0
    ok done the scan (by the way the messege does not pop up anymore)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:42:54 AM, on 24/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\KbdStub.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe "
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe "
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6542 bytes
     
    Zatrokan,
    #5
  7. 2008/06/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Log looks great. Lets see if we've missed anything.

    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
    noahdfear,
    #6

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...