TechSpot

Deckard's Scan Log Inside

By MizumiAmaya
Jun 9, 2008
  1. I've been having a lot of trouble with freezing, lagging, and programs simply not starting up. I'm a bit lost as to what to do... Is it just my computer being slow or is there an issue I'm missing? Heh. ^_^;

    -------------

    ((Will post log in next post))
     
  2. MizumiAmaya

    MizumiAmaya TS Rookie Topic Starter

    Log Pt.1

    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [a-squared] "E:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [Nqwp] C:\WINDOWS\system32\a?sembly\n?pdb.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shannon Lindberg\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll (file missing)
    O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
    O20 - Winlogon Notify: rqrsrol - rqrsrol.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0301921209771835) (0301921209771835mcinstcleanup) - Unknown owner - C:\DOCUME~1\SHANNO~1\LOCALS~1\Temp\030192~1.EXE (file missing)
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - E:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - E:\Restore\Ghost\Agent\PQV2iSvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9490 bytes

    -- Files created between 2008-05-09 and 2008-06-09 -----------------------------

    2008-06-09 02:01:53 0 d-------- C:\WINDOWS\LastGood
    2008-06-08 23:59:22 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
    2008-06-08 23:44:59 0 d-------- C:\Program Files\Norton 360
    2008-06-08 23:43:52 0 d-------- C:\Program Files\Symantec
    2008-05-18 23:41:46 0 d-------- C:\Program Files\Spyware Doctor
    2008-05-18 23:41:46 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\PC Tools
    2008-05-18 23:41:36 0 d-------- C:\WINDOWS\3A4FFB84D0704DA5AB7BD41D87FD8D19.TMP
    2008-05-18 23:40:25 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\Google
    2008-05-18 23:40:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-05-18 23:39:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


    -- Find3M Report ---------------------------------------------------------------

    2008-06-09 02:06:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-08 23:44:49 0 d-------- C:\Program Files\Common Files
    2008-06-08 00:58:54 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\LimeWire
    2008-06-06 02:42:08 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\uTorrent
    2008-05-27 19:43:49 8494592 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-05-19 00:10:37 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-18 23:40:21 0 d-------- C:\Program Files\Google
    2008-05-03 20:30:58 0 d-------- C:\Program Files\Apple Software Update
    2008-04-29 10:15:51 0 d-------- C:\Program Files\Jasc Software Inc
    2008-04-21 23:38:12 0 d-------- C:\Program Files\AutoMacroRecorder
    2008-04-17 12:41:03 0 d-------- C:\Program Files\Common Files\AOL
    2008-04-15 21:24:13 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\Jasc
    2008-04-14 13:04:39 0 d-------- C:\Program Files\RcvSystem
    2008-04-12 20:48:36 0 d-------- C:\Program Files\iPod
    2008-04-12 20:29:43 0 d-------- C:\Program Files\QuickTime
    2008-04-12 20:03:26 0 d-------- C:\Program Files\Common Files\Apple
    2008-04-10 13:46:30 0 d-------- C:\Program Files\Opera
     
  3. MizumiAmaya

    MizumiAmaya TS Rookie Topic Starter

    Log Pt.2

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100AC631-4388-4165-B3AA-858F07FBFD03}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2CB5D961-E050-478E-B2EC-9E44F443E20C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{477840F3-BA52-44D9-8E41-38D61CAA010F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D0540A5-F1D2-43AB-8E19-3DE7E0EF8712}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96088718-1dd1-11b2-b3ac-981c77a57d08}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9D47B1A-D0CC-4109-9A2B-ED91B8A5E166}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB7E1816-6B8B-4FCA-A489-EBD5CC51A8B2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0C79F44-5F27-4BF3-AEE1-4B0040383618}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA410A2A-A3D6-4A93-A183-ECA54C969624}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6685A13-6924-4AA4-810C-E809155E82E4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F12A7A8B-E102-4D94-AAB6-FFECB2674C49}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB96D59A-05B1-4F87-BC3A-E5B45E16B57E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [11/17/2006 06:42 AM C:\WINDOWS\soundman.exe]
    "Norton Ghost 9.0"="E:\Restore\Ghost\Agent\GhostTray.exe" [11/10/2004 11:03 AM]
    "LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" []
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/18/2008 11:40 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
    "BootSkin Startup Jobs"="D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
    "a-squared"="E:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [06/07/2008 08:49 PM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 09:54 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nqwp"="C:\WINDOWS\system32\a?sembly\n?pdb.exe" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrol]
    rqrsrol.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 01/25/2008 02:13 AM 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c634f379-b4b0-11dc-9c57-806d6172696f}]
    AutoRun\command- F:\Atisetup.exe

    *Newly Created Service* - CLTNETCNSERVICE
    *Newly Created Service* - COMHOST
    *Newly Created Service* - ERASERUTILREBOOTDRV



    -- End of Deckard's System Scanner: finished at 2008-06-09 02:06:56 ------------
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You are infected, even without posting complete logs. Instead of pasting the logs can you post them as attachments. Save them to your desktop then use the paperclip icon above your reply to attach. I don't want to see more logs till you have followed our preliminary removal.


    Please follow these Viruses/Spyware/Malware preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    1) MBAM or SAS log
    2) Combofix log
    3) Hijackthis log (Step 15)
     