Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Virus removal success! But... now computer won't load google/yahoo?

  • 23-06-2008 8:41pm
    #1
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭


    It's very odd - and very annoying since I use Google for just about everything.

    Also it makes "googling" the problem pretty impossible.

    Anyone got any ideas?


Comments

  • #2
    mrfreddred
    Closed Accounts Posts: 44 mrfreddred


    Hmmm....I need more info ....but it probably means that the virus has affected your Internet Explorer so that you cant load www.google.ie .I would download Firefox 3 from Mozilla and give it a try instead as its very much like Internet Explorer....If it works then you need to reinstall IE or reset it to its default settings...try the link below

    http://www.malwarehelp.org/how-to-reset-internet-explorer-6-to.html

    But use Firefox as a start.....
    www.mozilla.com


  • #3
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download ATF Cleaner by Atribune.
      Double-click
    ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser
      Click
    Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
      Click
    Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.


    Then see if that fixes it

    If not follow the steps in the Sticky Thread


  • #4
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭Xiney


    cool beans, thanks for the info.

    I use firefox, but it wasn't working in ie or firefox.

    I set avg to scan again overnight, as I was leaving it found a virus that it had already found.. I thought I'd told it to get rid of that!?

    I don't work tomorrow so I'll do this on Wednesday and let you know how I get on :D


  • #5
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭Xiney


    It's definitely working better now! I think it's all fixed, here's the Deckard System Scanner Log just to be sure (since I'm not sure what it means)

    extra.txt


  • #6
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Post the main text as well, do not attach it


  • Advertisement
  • #7
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭Xiney


    Deckard's System Scanner v20071014.68
    Run by Harbour House on 2008-06-25 19:11:17
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    98: 2008-06-25 18:11:35 UTC - RP931 - Deckard's System Scanner Restore Point
    97: 2008-06-25 15:04:59 UTC - RP930 - Installed SUPERAntiSpyware Free Edition
    96: 2008-06-25 13:45:09 UTC - RP929 - prior to virus nukage 25-06-08
    95: 2008-06-24 19:13:51 UTC - RP928 - System Checkpoint
    94: 2008-06-23 18:50:32 UTC - RP927 - System Checkpoint


    -- First Restore Point --
    1: 2008-06-16 13:46:10 UTC - RP834 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-06-25 19:13:42
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Harbour House\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.harbourhousehostel.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {D5FC3FEE-8A30-4F40-A14F-82C3286B931B} - C:\WINDOWS\system32\wvUoNDww.dll (file missing)
    O2 - BHO: (no name) - {FAAF4503-E52D-4B3B-9B12-D408F13AD817} - C:\WINDOWS\system32\mlJDtuSL.dll (file missing)
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: ADVFN 4v4 () - http://www.advfn.com/p.php?pid=loadercab
    O16 - DPF: Ulster Bank AnyTime () - https://anytime2.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137780826390
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\system32\avgwlntf.dll
    O20 - Winlogon Notify: mlJDtuSL - C:\WINDOWS\system32\mlJDtuSL.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe


    --
    End of file - 9019 bytes

    -- File Associations

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1>
    R3 HCWBT8XX (Hauppauge WinTV 848/9 WDM Video Driver) - c:\windows\system32\drivers\hcwbt8xx.sys <Not Verified; Hauppauge Computer Works; WinTV WDM Driver>
    R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

    S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
    S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    S2 WLTRYSVC - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)


    -- Device Manager: Disabled

    No disabled devices found.


    -- Files created between 2008-05-25 and 2008-06-25

    2008-06-25 18:31:07 0 d
    C:\WINDOWS\LastGood
    2008-06-25 18:30:40 0 d
    C:\Program Files\Panda Security
    2008-06-25 16:08:41 0 d
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-25 16:05:08 0 d
    C:\Program Files\SUPERAntiSpyware
    2008-06-25 16:05:08 0 d
    C:\Documents and Settings\Harbour House\Application Data\SUPERAntiSpyware.com
    2008-06-25 16:04:15 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-25 14:49:40 0 d
    C:\Documents and Settings\Harbour House\Application Data\Malwarebytes
    2008-06-25 14:49:28 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-25 14:49:26 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-23 23:30:00 0 d
    C:\Documents and Settings\Harbour House\Application Data\SignupShield
    2008-06-21 19:03:47 0 d
    C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-20 22:35:02 0 --a
    C:\WINDOWS\system32\MSVolume.dll
    2008-06-19 12:58:03 0 d
    C:\Program Files\LizardTech
    2008-06-16 14:45:59 524785 --ahs---- C:\WINDOWS\system32\wwDNoUvw.ini2
    2008-06-16 13:51:45 0 d
    C:\WINDOWS\MaxSecureBackup
    2008-06-16 13:49:27 63 --a
    C:\WINDOWS\system\SYSRegC.dll
    2008-06-16 13:49:00 143360 --a
    C:\WINDOWS\system32\GetHardDiskNo.dll <Not Verified; MaxSecure Software; MaxSecure Registration Module>
    2008-06-16 13:09:08 0 d
    C:\Program Files\uTorrent
    2008-06-16 13:09:03 0 d
    C:\Documents and Settings\Harbour House\Application Data\uTorrent


    -- Find3M Report

    2008-06-25 18:17:18 0 d
    C:\Program Files\fsupport
    2008-06-25 16:04:15 0 d
    C:\Program Files\Common Files
    2008-06-25 12:58:42 0 d
    C:\Documents and Settings\Harbour House\Application Data\AVG7
    2008-06-23 23:43:10 0 d
    C:\Program Files\Dl_cats
    2008-06-23 23:30:30 0 d
    C:\Documents and Settings\Harbour House\Application Data\U3
    2008-05-16 21:07:39 63472 --a
    C:\Documents and Settings\Harbour House\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-05 22:01:01 0 d
    C:\Documents and Settings\Harbour House\Application Data\Adobe
    2008-05-05 15:28:54 0 d
    C:\Program Files\Common Files\Adobe
    2008-05-01 16:16:46 0 d
    C:\Program Files\MSECache
    2008-04-30 15:30:43 0 d
    C:\Documents and Settings\Harbour House\Application Data\CoreFTP
    2008-04-25 19:52:20 1160 --a
    C:\WINDOWS\mozver.dat
    2008-04-21 15:56:01 0 --a
    C:\WINDOWS\nsreg.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5FC3FEE-8A30-4F40-A14F-82C3286B931B}]
    C:\WINDOWS\system32\wvUoNDww.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAAF4503-E52D-4B3B-9B12-D408F13AD817}]
    C:\WINDOWS\system32\mlJDtuSL.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31/05/2005 05:33]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10:35]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10:32]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10:36]
    "DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [15/08/2005 18:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/06/2008 20:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FAAF4503-E52D-4B3B-9B12-D408F13AD817}"= C:\WINDOWS\system32\mlJDtuSL.dll [ ]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 21/06/2008 19:04 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJDtuSL]
    mlJDtuSL.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUoNDww

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
    "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCAutoLiveUpdate]
    C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystemTray]
    C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]
    C:\Program Files\Search And Destroy\SearchAndDestroy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ea345-db1e-11dc-a07b-00132044acc1}]
    Auto\command- Start.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cd2296-b3c9-11db-9ec6-00132044acc1}]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e




    -- End of Deckard's System Scanner: finished at 2008-06-25 19:16:54


  • #8
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Didn't do much of a job removing the malware, plenty on there :P

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {D5FC3FEE-8A30-4F40-A14F-82C3286B931B} - C:\WINDOWS\system32\wvUoNDww.dll (file missing)
    O2 - BHO: (no name) - {FAAF4503-E52D-4B3B-9B12-D408F13AD817} - C:\WINDOWS\system32\mlJDtuSL.dll (file missing)
    O20 - Winlogon Notify: mlJDtuSL - C:\WINDOWS\system32\mlJDtuSL.dll (file missing)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
C:\WINDOWS\system32\MSVolume.dll
C:\WINDOWS\system32\wwDNoUvw.ini2
C:\WINDOWS\system\SYSRegC.dll
C:\WINDOWS\system32\GetHardDiskNo.dll
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ea345-db1e-11dc-a07b-00132044acc1}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cd2296-b3c9-11db-9ec6-00132044acc1}
purity 
EmptyTemp
[start explorer]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and post a new DSS Log


  • #9
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭Xiney


    I didn't use Hijack This, I used the stuff in the sticky thread (which doesn't have hijack this listed)

    Again, I'm not working today so I'll do this tomorrow :)


  • #10
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭Xiney


    Thanks a million for all your help guys :)

    Explorer killed successfully
    LoadLibrary failed for C:\WINDOWS\system32\MSVolume.dll
    C:\WINDOWS\system32\MSVolume.dll NOT unregistered.
    C:\WINDOWS\system32\MSVolume.dll moved successfully.
    C:\WINDOWS\system32\wwDNoUvw.ini2 moved successfully.
    LoadLibrary failed for C:\WINDOWS\system\SYSRegC.dll
    C:\WINDOWS\system\SYSRegC.dll NOT unregistered.
    C:\WINDOWS\system\SYSRegC.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\GetHardDiskNo.dll
    C:\WINDOWS\system32\GetHardDiskNo.dll NOT unregistered.
    C:\WINDOWS\system32\GetHardDiskNo.dll moved successfully.
    < HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ea345-db1e-11dc-a07b-00132044acc1} >
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ea345-db1e-11dc-a07b-00132044acc1}\\ deleted successfully.
    < HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cd2296-b3c9-11db-9ec6-00132044acc1} >
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0cd2296-b3c9-11db-9ec6-00132044acc1}\\ deleted successfully.
    < purity >
    < EmptyTemp >
    File delete failed. C:\WINDOWS\temp\T30DebugLogFile.txt scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 06272008_204218

    Files moved on Reboot...
    C:\WINDOWS\temp\T30DebugLogFile.txt moved successfully.


  • #11
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Post a new DSS log


  • Advertisement
  • #12
    Xiney
    Registered Users, Registered Users 2 Posts: 8,085 ✭✭✭Xiney


    Deckard's System Scanner v20071014.68
    Run by Harbour House on 2008-06-28 21:08:35
    Computer is in Normal Mode.

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as Harbour House.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:09:30, on 28/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\Documents and Settings\Harbour House\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Harbour House.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.harbourhousehostel.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: ADVFN 4v4 - http://www.advfn.com/p.php?pid=loadercab
    O16 - DPF: Ulster Bank AnyTime - https://anytime2.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137780826390
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://ebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 7765 bytes

    -- Files created between 2008-05-28 and 2008-06-28

    2008-06-27 20:37:27 0 d
    C:\Program Files\Trend Micro
    2008-06-25 18:30:40 0 d
    C:\Program Files\Panda Security
    2008-06-25 16:08:41 0 d
    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-25 16:05:08 0 d
    C:\Program Files\SUPERAntiSpyware
    2008-06-25 16:05:08 0 d
    C:\Documents and Settings\Harbour House\Application Data\SUPERAntiSpyware.com
    2008-06-25 16:04:15 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-25 14:49:40 0 d
    C:\Documents and Settings\Harbour House\Application Data\Malwarebytes
    2008-06-25 14:49:28 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-25 14:49:26 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-23 23:30:00 0 d
    C:\Documents and Settings\Harbour House\Application Data\SignupShield
    2008-06-21 19:03:47 0 d
    C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-19 12:58:03 0 d
    C:\Program Files\LizardTech
    2008-06-16 13:51:45 0 d
    C:\WINDOWS\MaxSecureBackup
    2008-06-16 13:09:08 0 d
    C:\Program Files\uTorrent
    2008-06-16 13:09:03 0 d
    C:\Documents and Settings\Harbour House\Application Data\uTorrent


    -- Find3M Report

    2008-06-28 17:29:42 0 d
    C:\Program Files\Dl_cats
    2008-06-28 09:14:33 0 d
    C:\Documents and Settings\Harbour House\Application Data\AVG7
    2008-06-25 18:17:18 0 d
    C:\Program Files\fsupport
    2008-06-25 16:04:15 0 d
    C:\Program Files\Common Files
    2008-06-23 23:30:30 0 d
    C:\Documents and Settings\Harbour House\Application Data\U3
    2008-05-16 21:07:39 63472 --a
    C:\Documents and Settings\Harbour House\Application Data\GDIPFONTCACHEV1.DAT
    2008-05-05 22:01:01 0 d
    C:\Documents and Settings\Harbour House\Application Data\Adobe
    2008-05-05 15:28:54 0 d
    C:\Program Files\Common Files\Adobe
    2008-05-01 16:16:46 0 d
    C:\Program Files\MSECache
    2008-04-30 15:30:43 0 d
    C:\Documents and Settings\Harbour House\Application Data\CoreFTP
    2008-04-25 19:52:20 1160 --a
    C:\WINDOWS\mozver.dat
    2008-04-21 15:56:01 0 --a
    C:\WINDOWS\nsreg.dat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 20:12]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [31/05/2005 05:33]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 10:35]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 10:32]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 10:36]
    "DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [15/08/2005 18:40]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/06/2008 20:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 21/06/2008 19:04 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUoNDww

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\DellSupport\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
    "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
    "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCAutoLiveUpdate]
    C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystemTray]
    C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]
    C:\Program Files\Search And Destroy\SearchAndDestroy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"




    -- End of Deckard's System Scanner: finished at 2008-06-28 21:10:22


  • #13
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe




    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
    Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]


    Then double click on the fix.reg file, when it prompts to merge click "Yes".




    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases

        [*]Click OK
        [*]Now under select a target to scan:
          Select
        My Computer

        [*]This will program will start and scan your system.
        [*]The scan will take a while so be patient and let it run.
        [*]Once the scan is complete it will display if your system has been infected.
        • Now click on the Save as Text button:
        [*]Save the file to your desktop.
        [*]Copy and paste that information in your next post.




        Reboot and post a new DSS log


      Advertisement