
[Resolved] Trojan infection


33 replies to this topic

#31 mikeonavtx (Authentic Member, 20 posts)

Posted 12 April 2008 - 09:31 PM

There was only one log, main.txt:

Deckard's System Scanner v20071014.68
Run by mike nordine on 2008-04-12 22:23:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as mike nordine.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:01 PM, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\WinBar\WinBar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mike nordine\Desktop\downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mike nordine.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: Yahoo! uC - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: WinBar.lnk = C:\Program Files\WinBar\WinBar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191690223296
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 10279 bytes

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-12 16:02:59 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-04-12 16:02:56 0 d-------- C:\Program Files\Gemstar
2008-04-12 16:01:31 0 d-------- C:\WINDOWS\system32\IOSUBSYS
2008-04-12 15:57:16 0 d-------- C:\Program Files\Common Files\ATI
2008-04-12 15:55:42 114688 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-12 15:55:13 0 d-------- C:\Program Files\ATI Technologies
2008-04-12 15:16:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-12 15:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-04-12 15:01:32 0 d-------- C:\Program Files\ATI Multimedia
2008-04-12 14:59:38 0 d-------- C:\WINDOWS\system32\windows media
2008-04-12 14:59:29 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-12 14:59:24 0 d-------- C:\Program Files\Windows Media Components
2008-04-12 14:58:00 0 d-------- C:\Program Files\Common Files\CyberLink
2008-04-12 05:57:22 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Malwarebytes
2008-04-12 05:57:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 05:57:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 05:56:12 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-11 01:43:48 0 d-------- C:\GF
2008-04-11 00:34:20 0 d-------- C:\Documents and Settings\mike nordine\Application Data\ATI
2008-04-11 00:22:52 0 d-------- C:\ATI
2008-04-10 13:50:49 0 d-------- C:\Program Files\Rockstar Games
2008-04-10 01:51:35 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-10 01:32:12 0 d-------- C:\Program Files\Electronic Arts
2008-04-10 00:55:25 438272 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; EA.com/On2.com; EAOn2_VP6>
2008-04-10 00:30:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 00:30:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-09 01:15:48 0 d-------- C:\WINDOWS\ERUNT
2008-04-08 13:12:59 0 d-------- C:\Program Files\Trend Micro
2008-04-08 01:42:14 2188 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-08 01:39:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-08 01:39:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-08 01:39:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-08 01:39:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-08 01:39:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-08 01:39:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-08 01:39:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-08 01:39:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-08 01:39:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-08 01:39:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-08 01:39:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-08 01:39:29 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-08 01:39:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-08 01:39:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-08 00:34:05 0 d-------- C:\Program Files\TouchCopy
2008-03-18 01:47:57 0 d-------- C:\Program Files\Windows Sidebar
2008-03-18 01:44:54 0 d-------- C:\Program Files\Symantec
2008-03-18 01:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-18 01:23:37 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-03-12 01:26:10 0 d-------- C:\Program Files\MagicISO


-- Find3M Report ---------------------------------------------------------------

2008-04-12 16:31:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 16:04:08 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80661102}.dat
2008-04-12 16:04:08 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80661102}.dat
2008-04-12 16:03:38 0 d-------- C:\Program Files\WinBar
2008-04-12 16:02:59 0 d-------- C:\Program Files\Common Files
2008-04-12 16:02:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-12 07:35:52 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Vso
2008-04-12 03:40:12 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Azureus
2008-04-12 03:39:57 34 --a------ C:\Documents and Settings\mike nordine\Application Data\pcouffin.log
2008-04-12 03:39:51 47360 --a------ C:\Documents and Settings\mike nordine\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-12 03:39:51 1144 --a------ C:\Documents and Settings\mike nordine\Application Data\pcouffin.inf
2008-04-12 03:39:51 7887 --a------ C:\Documents and Settings\mike nordine\Application Data\pcouffin.cat
2008-04-12 03:39:37 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-04-12 03:34:53 0 d-------- C:\Program Files\DVDFab Platinum 3
2008-04-12 03:25:43 0 d-------- C:\Documents and Settings\mike nordine\Application Data\DVDFab
2008-04-11 00:15:44 0 d-------- C:\Program Files\Creative
2008-04-08 00:28:52 0 d-------- C:\Documents and Settings\mike nordine\Application Data\LimeWire
2008-04-02 00:33:28 0 d-------- C:\Program Files\Java
2008-03-26 00:07:42 0 d-------- C:\Program Files\LimeWire
2008-03-19 14:06:28 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-18 02:17:19 0 d-------- C:\Program Files\Norton 360
2008-03-18 01:51:21 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Symantec
2008-03-09 22:07:50 0 d-------- C:\Program Files\dx9c
2008-03-09 19:49:00 0 d-------- C:\Documents and Settings\mike nordine\Application Data\DAEMON Tools
2008-03-09 16:22:55 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Creative
2008-03-08 22:36:10 0 d-------- C:\Program Files\Blaze Media Pro
2008-03-08 02:51:31 0 d-------- C:\Documents and Settings\mike nordine\Application Data\ArcSoft
2008-03-08 02:50:39 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-03-07 21:52:41 0 d-------- C:\Documents and Settings\mike nordine\Application Data\EPSON
2008-03-07 19:19:39 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Leadertech
2008-03-07 19:12:40 0 d-------- C:\Program Files\epson
2008-03-07 19:12:04 0 d-------- C:\Program Files\ArcSoft
2008-03-07 19:05:45 0 d-------- C:\Program Files\Azureus
2008-03-07 03:37:17 0 d-------- C:\Program Files\Essentials Codec Pack
2008-03-07 02:54:14 0 d-------- C:\Program Files\CS Software
2008-03-07 02:36:26 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-07 02:36:22 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Real
2008-03-03 14:29:47 1588 --a------ C:\WINDOWS\mozver.dat
2008-03-02 00:14:36 0 d-------- C:\Program Files\Activision
2008-02-27 01:12:40 0 d-------- C:\Documents and Settings\mike nordine\Application Data\uTorrent
2008-02-19 03:38:44 0 d-------- C:\Documents and Settings\mike nordine\Application Data\Moyea
2008-02-12 14:29:52 0 d-------- C:\Documents and Settings\mike nordine\Application Data\MoyeaFLV2Video
2008-02-12 03:31:31 0 d-------- C:\Program Files\Moyea
2008-02-12 02:39:18 0 d-------- C:\Program Files\AliveMedia


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/23/2008 09:08 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/18/2008 01:48 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 09:08 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [08/28/2003 03:45 AM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/07/2007 04:24 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [02/07/2007 04:21 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [12/12/2007 10:11 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 02:37 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 09:50 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/13/2003 09:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [11/16/2006 07:04 PM]
"@"="" []
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [12/03/2003 07:17 AM]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [12/03/2003 05:13 AM]

C:\Documents and Settings\mike nordine\Start Menu\Programs\Startup\
WinBar.lnk - C:\Program Files\WinBar\WinBar.exe [10/06/2007 3:36:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 01/30/2008 03:11 AM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-04-12 22:24:32 ------------



#32 Scotty (Always Happy, Authentic Member, 3,634 posts)

Posted 13 April 2008 - 05:14 AM

Hi

Congratulations, you appear to be malware free.

Open OTMoveIt and click on the Cleanup button.

That should also remove DSS. If not, delete the DSS icon and then this folder:
C:\Deckard


You may wish to keep hold of the Kaspersky Online Scan as an extra on-demand virus scanner.
If not, you can uninstall it through Start > Control Panel > Add/Remove Programs.


  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point, then click Next. Give it a name and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.


Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid-for version offers real-time protection.

Here is another free program I recommend.

Install WinPatrol. Download it from here.
You can find information about how WinPatrol works here.


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable, and even with the "best" antivirus and firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malware...wtopic.php?t=14

Follow this list and your potential for being infected again will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
You too could train to help others- Join the Classroom


#33 mikeonavtx (Authentic Member, 20 posts)

Posted 13 April 2008 - 11:15 AM

Thanks for helping me, Scotty, you have done more than I have ever expected!

#34 Scotty (Always Happy, Authentic Member, 3,634 posts)

Posted 13 April 2008 - 11:24 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
