Deckard's Scan Log Inside

Status
Not open for further replies.
I've been having a lot of trouble with freezing, lagging, and programs simply not starting up. I'm a bit lost as to what to do... Is it just my computer being slow or is there an issue I'm missing? Heh. ^_^;

-------------

((Will post log in next post))
 
Log Pt.1

O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [a-squared] "E:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Nqwp] C:\WINDOWS\system32\a?sembly\n?pdb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Shannon Lindberg\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {F009BAD5-2FAF-4E10-B7AA-61A22524AC30} - C:\Program Files\Refresh Bar\IERefresh.dll (file missing)
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: rqrsrol - rqrsrol.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0301921209771835) (0301921209771835mcinstcleanup) - Unknown owner - C:\DOCUME~1\SHANNO~1\LOCALS~1\Temp\030192~1.EXE (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - E:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - E:\Restore\Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9490 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 02:01:53 0 d-------- C:\WINDOWS\LastGood
2008-06-08 23:59:22 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-06-08 23:44:59 0 d-------- C:\Program Files\Norton 360
2008-06-08 23:43:52 0 d-------- C:\Program Files\Symantec
2008-05-18 23:41:46 0 d-------- C:\Program Files\Spyware Doctor
2008-05-18 23:41:46 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\PC Tools
2008-05-18 23:41:36 0 d-------- C:\WINDOWS\3A4FFB84D0704DA5AB7BD41D87FD8D19.TMP
2008-05-18 23:40:25 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\Google
2008-05-18 23:40:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-18 23:39:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater


-- Find3M Report ---------------------------------------------------------------

2008-06-09 02:06:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-08 23:44:49 0 d-------- C:\Program Files\Common Files
2008-06-08 00:58:54 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\LimeWire
2008-06-06 02:42:08 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\uTorrent
2008-05-27 19:43:49 8494592 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-19 00:10:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-18 23:40:21 0 d-------- C:\Program Files\Google
2008-05-03 20:30:58 0 d-------- C:\Program Files\Apple Software Update
2008-04-29 10:15:51 0 d-------- C:\Program Files\Jasc Software Inc
2008-04-21 23:38:12 0 d-------- C:\Program Files\AutoMacroRecorder
2008-04-17 12:41:03 0 d-------- C:\Program Files\Common Files\AOL
2008-04-15 21:24:13 0 d-------- C:\Documents and Settings\Shannon Lindberg\Application Data\Jasc
2008-04-14 13:04:39 0 d-------- C:\Program Files\RcvSystem
2008-04-12 20:48:36 0 d-------- C:\Program Files\iPod
2008-04-12 20:29:43 0 d-------- C:\Program Files\QuickTime
2008-04-12 20:03:26 0 d-------- C:\Program Files\Common Files\Apple
2008-04-10 13:46:30 0 d-------- C:\Program Files\Opera
 
Log Pt.2

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [11/17/2006 06:42 AM C:\WINDOWS\soundman.exe]
"Norton Ghost 9.0"="E:\Restore\Ghost\Agent\GhostTray.exe" [11/10/2004 11:03 AM]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" []
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 05:22 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/18/2008 11:40 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"BootSkin Startup Jobs"="D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"a-squared"="E:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [06/07/2008 08:49 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 09:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nqwp"="C:\WINDOWS\system32\a?sembly\n?pdb.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsrol]
rqrsrol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 01/25/2008 02:13 AM 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c634f379-b4b0-11dc-9c57-806d6172696f}]
AutoRun\command- F:\Atisetup.exe

*Newly Created Service* - CLTNETCNSERVICE
*Newly Created Service* - COMHOST
*Newly Created Service* - ERASERUTILREBOOTDRV



-- End of Deckard's System Scanner: finished at 2008-06-09 02:06:56 ------------
 
You are infected, even without posting complete logs. Instead of pasting the logs, can you post them as attachments? Save them to your desktop, then use the paperclip icon above your reply to attach. I don't want to see more logs till you have followed our preliminary removal.


Please follow these Viruses/Spyware/Malware preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

1) MBAM or SAS log
2) Combofix log
3) HijackThis log (Step 15)
 