
Problems with multiple Malware programs


#16
Feanorfenwe (Member, Topic Starter, 19 posts)
If I just try to install Java, nothing happens. I just click on the install file and nothing comes up.

#17
miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
I assume you tried the full "offline" package (Sun Java) as instructed?

#18
miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
By the way, the following instructions with screenshots may be easier to follow, so perform them all:
http://support.micro...n...p;x=10&y=15
This also includes checking whether the Windows Installer Service is running.

Not sure if this is actually an issue with Windows Installer or Sun Java itself, because I have already seen this issue a lot of times with Sun Java only, while nothing was wrong with Windows Installer.

#19
Feanorfenwe (Member, Topic Starter, 19 posts)
Did all that and still nothing.

#20
miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
If you did all that and it's still the same, then I don't really think it's an issue with Windows Installer anyway, but rather an issue with Sun Java itself... because, as I said, this is a common issue with Sun Java.
Can you try this one? http://www.majorgeek...ment_d4648.html

Also, you may want to try the MS Windows Installer CleanUp utility to fix that problem.
http://support.microsoft.com/kb/290301

Only delete the Java references there, then reinstall Sun Java.

#21
Feanorfenwe (Member, Topic Starter, 19 posts)
I got the one Java off with the cleanup utility, but still no luck with installing the updated version.

Edited by Feanorfenwe, 15 April 2008 - 05:01 PM.

#22
miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
It's strange.
I assume you didn't get any error messages while performing the steps to troubleshoot Windows Installer issues? If you didn't, then it should be a Java thing only.

Anyway, let's first have a look with another log to delete malware-related leftovers if still present, to make sure nothing else is interfering here.


* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#23
Feanorfenwe (Member, Topic Starter, 19 posts)
ComboFix 08-04-15.1 - Justin 2008-04-15 20:14:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1737 [GMT -4:00]
Running from: F:\Documents and Settings\Justin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\WINDOWS\system32\ftugjusf.ini
F:\WINDOWS\system32\gfrwehxq.ini
F:\WINDOWS\system32\ghhjRXyb.ini
F:\WINDOWS\system32\ghhjRXyb.ini2
F:\WINDOWS\system32\iexp_log.txt
F:\WINDOWS\system32\lcmuvhps.ini
F:\WINDOWS\system32\mcrh.tmp
F:\WINDOWS\system32\MnpAJRqr.ini
F:\WINDOWS\system32\MnpAJRqr.ini2
F:\WINDOWS\system32\pAaKUvut.ini
F:\WINDOWS\system32\pAaKUvut.ini2
F:\WINDOWS\system32\pitkydhd.ini
F:\WINDOWS\system32\ppaqqlpy.ini
F:\WINDOWS\system32\tCJiOUvw.ini
F:\WINDOWS\system32\tCJiOUvw.ini2
F:\WINDOWS\system32\WGhQstwa.ini
F:\WINDOWS\system32\WGhQstwa.ini2
F:\WINDOWS\system32bdn.com
F:\WINDOWS\system32hxiwlgpm.dat
F:\WINDOWS\system32ssvchost.com
F:\WINDOWS\system32taack.dat
F:\WINDOWS\system32VBIEWER.OCX

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BDGUARD


((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 18:08 . 2008-04-15 18:08 <DIR> d-------- F:\Documents and Settings\Administrator
2008-04-15 16:46 . 2008-04-15 16:46 <DIR> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 16:46 . 2008-04-15 16:46 <DIR> d-------- F:\Documents and Settings\Justin\Application Data\Malwarebytes
2008-04-15 16:46 . 2008-04-15 16:46 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 15:39 . 2008-04-15 15:39 <DIR> d-------- F:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-04-15 15:36 . 2008-04-15 15:36 <DIR> d-------- F:\Program Files\Avira
2008-04-15 15:36 . 2008-04-15 15:36 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-04-15 15:31 . 2008-04-15 15:38 1,600,197 --ahs---- F:\WINDOWS\system32\mfneejdu.ini
2008-04-14 21:52 . 2008-04-14 21:52 <DIR> d-------- F:\Program Files\Panda Security
2008-04-14 01:19 . 2008-04-15 15:38 1,706 --a------ F:\WINDOWS\wininit.ini
2008-04-14 01:09 . 2008-04-14 01:09 <DIR> d-------- F:\Program Files\Trend Micro
2008-04-14 01:04 . 2008-04-14 01:04 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2008-04-14 01:04 . 2008-04-14 01:21 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 01:03 . 2008-04-14 01:03 <DIR> d-------- F:\Documents and Settings\Justin\Application Data\Uniblue
2008-04-14 01:00 . 2008-04-14 01:14 <DIR> d-------- F:\Documents and Settings\Justin\.housecall6.6
2008-04-14 00:52 . 2008-04-14 00:52 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 00:47 . 2008-04-14 03:08 <DIR> d-------- F:\Documents and Settings\Justin\Application Data\TmpRecentIcons
2008-04-13 23:18 . 2008-04-15 15:43 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\lsjotyfg
2008-04-10 21:16 . 2008-04-14 08:01 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-04-10 21:16 . 2008-04-10 21:16 1,409 --a------ F:\WINDOWS\QTFont.for
2008-04-05 16:30 . 1998-05-07 13:57 143,872 --a------ F:\WINDOWS\system32\iacenc.dll
2008-04-05 16:30 . 1997-06-13 11:56 56,832 --a------ F:\WINDOWS\system32\iyvu9_32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 03:22 --------- d-----w F:\Program Files\IK Multimedia
2008-04-14 03:19 --------- d-----w F:\Documents and Settings\Justin\Application Data\uTorrent
2008-04-05 20:29 --------- d-----w F:\Program Files\Microsoft Games
2008-03-22 15:04 --------- d-----w F:\Program Files\uTorrent
2008-03-21 20:17 --------- d-----w F:\Documents and Settings\Justin\Application Data\Apple Computer
2008-03-21 02:48 --------- d-----w F:\Program Files\Xfire
2008-03-19 00:08 --------- d-----w F:\Documents and Settings\Justin\Application Data\Xfire
2008-03-18 01:07 --------- d-----w F:\Documents and Settings\Justin\Application Data\skypePM
2008-03-18 01:07 --------- d-----w F:\Documents and Settings\Justin\Application Data\Skype
2008-02-26 23:20 --------- d-----w F:\Program Files\VideoLAN
2008-01-17 02:50 32 ----a-w F:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-17 05:22 22,328 ----a-w F:\Documents and Settings\Justin\Application Data\PnkBstrK.sys
2007-08-23 19:23 55,200 ----a-w F:\Documents and Settings\Justin\Application Data\GDIPFONTCACHEV1.DAT
2007-08-08 17:07 604 ---ha-w F:\Program Files\STLL Notifier
2004-12-03 13:28 651,264 ----a-w F:\Program Files\Common Files\ARP2600 V.dpm
2003-02-24 21:28 761,358 ----a-w F:\Program Files\Common Files\ARP2600 V.dpm.rsr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="F:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Uniblue RegistryBooster 2"="F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="F:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:31 208952]
"PHIME2002ASync"="F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:32 455168]
"PHIME2002A"="F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:32 455168]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"MacDrive7.0.4TimeOutPatch"="F:\Program Files\Mediafour\MacDrive 7\TimeOutPatch.EXE" [ ]
"DigidesignMMERefresh"="F:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-02-15 00:31 61440]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avgnt"="F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]

F:\Documents and Settings\Justin\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - F:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-20 20:02:54 3450608]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=F:\WINDOWS\pss\DualCoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 06:29 220544 F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWITOOLBOX]
F:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 10:29 1056552 F:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 F:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-31 18:44 271672 F:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 F:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\leqgqxfv]
F:\WINDOWS\system32\lujmnova.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 17:55 451872 F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
--a------ 2007-01-17 17:01 496640 F:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 F:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2006-07-07 08:16 81920 F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 F:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-05-12 16:04 196608 F:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-12-18 23:12 16062464 F:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 10:30 2043688 F:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 06:04 2879488 F:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"nTuneService"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"F:\\WINDOWS\\system32\\PnkBstrA.exe"=
"F:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Program Files\\Microsoft XNA\\XNA Game Studio Express\\v1.0\\Tools\\XNARPM.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:xboxlive1
"88:UDP"= 88:UDP:xboxlive2
"3330:UDP"= 3330:UDP:xboxlive3
"3074:TCP"= 3074:TCP:xboxlive4
"3074:UDP"= 3074:UDP:xboxlive5

R0 DigiFilter;DigiFilter;F:\WINDOWS\system32\drivers\DigiFilt.sys [2006-02-15 00:29]
R0 Si3531;SiI-3531 SATA Controller;F:\WINDOWS\system32\DRIVERS\Si3531.sys [2007-06-01 19:29]
R1 oreans32;oreans32;F:\WINDOWS\system32\drivers\oreans32.sys [2007-07-27 17:29]
R2 SBKUPNT;SBKUPNT;F:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R2 SQLWriter;SQL Server VSS Writer;"F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;F:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 01:31]
S3 dalwdmservice;dal service;F:\WINDOWS\system32\drivers\dalwdm.sys [2006-02-14 23:17]
S3 USB44LDR;M-Audio USB MidiSport 4x4 Loader;F:\WINDOWS\system32\drivers\usb44ldr.sys [2007-07-30 21:18]
S3 USBMN4X4;M-Audio USB MidiSport 4x4;F:\WINDOWS\system32\drivers\usbmn4x4.sys [2007-07-30 21:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e3d7083-3b4c-11dc-8190-806d6172696f}]
\Shell\AutoRun\command - T:\Setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"F:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 20:17:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-15 20:25:22 - machine was rebooted [Justin]
ComboFix-quarantined-files.txt 2008-04-16 00:25:19

Pre-Run: 21,580,337,152 bytes free
Post-Run: 23,325,679,616 bytes free
.
2008-04-14 05:50:22 --- E O F ---

Edit: I am not sure why it says that I don't have the recovery console installed when I followed the second option for it on the ComboFix site.

Edited by Feanorfenwe, 15 April 2008 - 06:28 PM.

#24
miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
Hi,

Just some small leftovers here...

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quotebox below into Notepad:

File::
F:\WINDOWS\system32\drivers\oreans32.sys
F:\WINDOWS\system32\mfneejdu.ini
F:\WINDOWS\wininit.ini
Folder::
F:\Documents and Settings\All Users\Application Data\lsjotyfg
Driver::
oreans32
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\leqgqxfv]


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Also, another reason why Windows Installer etc. is causing problems can be that a user profile got corrupted. We'll look into that afterwards. First try to install Sun Java again after performing the above steps.

If that still fails:
Disable your Avira (as it *may interfere with it as well)
Then try again.

If that still fails as well:
Read through the suggestions here:

http://support.microsoft.com/kb/555175

Perform them all - because this is important!
It's also important that you notify me about any error you get when performing these steps.

Edited by miekiemoes, 16 April 2008 - 12:46 AM.

  • 0
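
One way to triage the autostart section of a ComboFix log like the one posted in #23, as an added example (not part of the original thread and not ComboFix's own logic). It assumes that an empty `[ ]` after a Run value, or a `startupreg` entry listed as a bare path without attribute/date/size columns, means the target file was not found; the `triage` function, the `Finding` tuple and the severity labels are hypothetical names.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity key name path reason")

# Constructed sample: a few lines in the layout of the "Reg Loading Points"
# section of the ComboFix log shown in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Uniblue RegistryBooster 2"="F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\leqgqxfv]
F:\WINDOWS\system32\lujmnova.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="path" [date time size]; the brackets hold only a space when no file data exists
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stat>[^\]]*)\]$')
# attrs date time size path, e.g. --a------ 2004-08-04 03:56 15360 F:\...
STAT_LINE = re.compile(r'^[-a-z]{9}\s+\d{4}-\d\d-\d\d\s+\d\d:\d\d\s+\d+\s+[A-Za-z]:\\.+$')
BARE_PATH = re.compile(r'^(?P<path>[A-Za-z]:\\.+)$')
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
# A file sitting directly in system32 (no sub-folder)
SYSTEM32_DIRECT = re.compile(r'^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$', re.I)


def _missing_target(key, name, path):
    """Rank an autostart entry whose target file has no metadata in the log."""
    if SYSTEM32_DIRECT.match(path):
        return Finding("high", key, name, path,
                       "autostart target missing, directly under system32")
    return Finding("low", key, name, path,
                   "autostart target missing (possible uninstall leftover)")


def triage(log_text):
    """Return findings for the Reg Loading Points part of a ComboFix log."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = FIREWALL.match(line)
        if m:
            if (key.lower().endswith("firewallpolicy\\standardprofile")
                    and m.group("val") == "0"):
                findings.append(Finding("medium", key, "EnableFirewall", "",
                                        "Windows Firewall disabled (standard profile)"))
            continue
        m = RUN_VALUE.match(line)
        if m:
            # Assumption: empty brackets mean the file could not be found.
            if not m.group("stat").strip():
                findings.append(_missing_target(key, m.group("name"), m.group("path")))
            continue
        if "\\startupreg\\" in key.lower():
            if STAT_LINE.match(line):
                continue  # file exists, metadata was printed
            m = BARE_PATH.match(line)
            if m:
                # Assumption: bare path without metadata means the file is gone.
                name = key.rsplit("\\", 1)[1]
                findings.append(_missing_target(key, name, m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.name:28} {f.path or '-'}  ({f.reason})")
```

The severities only rank entries for manual review; a missing target outside system32 is often just a leftover from an uninstalled program.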

#25
miekiemoes (Malware Expert, Member, MVP, 5,503 posts)
OK... I just noticed that Java released a new version a couple of hours ago - so *maybe that may explain as well why the other version wouldn't install.

So please install the Java Runtime Environment (JRE) 6 Update 6 now: http://java.sun.com/...loads/index.jsp

#26
Feanorfenwe (Member, Topic Starter, 19 posts)
Here is the new ComboFix, but I don't have time to try to install Java again because I have class. I'll get it done when I get back later today.

ComboFix 08-04-15.1 - Justin 2008-04-16 8:27:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1693 [GMT -4:00]
Running from: F:\Documents and Settings\Justin\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
F:\WINDOWS\system32\drivers\oreans32.sys
F:\WINDOWS\system32\mfneejdu.ini
F:\WINDOWS\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Documents and Settings\All Users\Application Data\lsjotyfg
F:\WINDOWS\system32\drivers\oreans32.sys
F:\WINDOWS\system32\mfneejdu.ini
F:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 18:08 . 2008-04-15 18:08 <DIR> d-------- F:\Documents and Settings\Administrator
2008-04-15 16:46 . 2008-04-15 16:46 <DIR> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-04-15 16:46 . 2008-04-15 16:46 <DIR> d-------- F:\Documents and Settings\Justin\Application Data\Malwarebytes
2008-04-15 16:46 . 2008-04-15 16:46 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 15:39 . 2008-04-15 15:39 <DIR> d-------- F:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-04-15 15:36 . 2008-04-15 15:36 <DIR> d-------- F:\Program Files\Avira
2008-04-15 15:36 . 2008-04-15 15:36 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Avira
2008-04-14 21:52 . 2008-04-14 21:52 <DIR> d-------- F:\Program Files\Panda Security
2008-04-14 01:09 . 2008-04-14 01:09 <DIR> d-------- F:\Program Files\Trend Micro
2008-04-14 01:04 . 2008-04-14 01:04 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2008-04-14 01:04 . 2008-04-14 01:21 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 01:03 . 2008-04-14 01:03 <DIR> d-------- F:\Documents and Settings\Justin\Application Data\Uniblue
2008-04-14 01:00 . 2008-04-14 01:14 <DIR> d-------- F:\Documents and Settings\Justin\.housecall6.6
2008-04-14 00:52 . 2008-04-14 00:52 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 00:47 . 2008-04-14 03:08 <DIR> d-------- F:\Documents and Settings\Justin\Application Data\TmpRecentIcons
2008-04-10 21:16 . 2008-04-14 08:01 54,156 --ah----- F:\WINDOWS\QTFont.qfn
2008-04-10 21:16 . 2008-04-10 21:16 1,409 --a------ F:\WINDOWS\QTFont.for
2008-04-05 16:30 . 1998-05-07 13:57 143,872 --a------ F:\WINDOWS\system32\iacenc.dll
2008-04-05 16:30 . 1997-06-13 11:56 56,832 --a------ F:\WINDOWS\system32\iyvu9_32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 12:29 --------- d-----w F:\Documents and Settings\Justin\Application Data\uTorrent
2008-04-14 03:22 --------- d-----w F:\Program Files\IK Multimedia
2008-04-05 20:29 --------- d-----w F:\Program Files\Microsoft Games
2008-03-22 15:04 --------- d-----w F:\Program Files\uTorrent
2008-03-21 20:17 --------- d-----w F:\Documents and Settings\Justin\Application Data\Apple Computer
2008-03-21 02:48 --------- d-----w F:\Program Files\Xfire
2008-03-19 00:08 --------- d-----w F:\Documents and Settings\Justin\Application Data\Xfire
2008-03-18 01:07 --------- d-----w F:\Documents and Settings\Justin\Application Data\skypePM
2008-03-18 01:07 --------- d-----w F:\Documents and Settings\Justin\Application Data\Skype
2008-02-26 23:20 --------- d-----w F:\Program Files\VideoLAN
2008-01-17 02:50 32 ----a-w F:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-17 05:22 22,328 ----a-w F:\Documents and Settings\Justin\Application Data\PnkBstrK.sys
2007-08-23 19:23 55,200 ----a-w F:\Documents and Settings\Justin\Application Data\GDIPFONTCACHEV1.DAT
2007-08-08 17:07 604 ---ha-w F:\Program Files\STLL Notifier
2004-12-03 13:28 651,264 ----a-w F:\Program Files\Common Files\ARP2600 V.dpm
2003-02-24 21:28 761,358 ----a-w F:\Program Files\Common Files\ARP2600 V.dpm.rsr
.

((((((((((((((((((((((((((((( snapshot@2008-04-15_20.25.12.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 00:17:19 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-04-16 12:30:44 2,048 --s-a-w F:\WINDOWS\bootstat.dat
+ 2008-04-06 02:56:22 19,836,024 ----a-w F:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="F:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 12:51 486856]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="F:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:31 208952]
"PHIME2002ASync"="F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:32 455168]
"PHIME2002A"="F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:32 455168]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"MacDrive7.0.4TimeOutPatch"="F:\Program Files\Mediafour\MacDrive 7\TimeOutPatch.EXE" [ ]
"DigidesignMMERefresh"="F:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-02-15 00:31 61440]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avgnt"="F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 03:56 15360]

F:\Documents and Settings\Justin\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - F:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-20 20:02:54 3450608]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=F:\WINDOWS\pss\DualCoreCenter.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 06:29 220544 F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWITOOLBOX]
F:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 10:29 1056552 F:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 F:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-31 18:44 271672 F:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 F:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-07-18 17:55 451872 F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
--a------ 2007-01-17 17:01 496640 F:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 F:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2006-07-07 08:16 81920 F:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 F:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-05-12 16:04 196608 F:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 F:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2006-12-18 23:12 16062464 F:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 10:30 2043688 F:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 06:04 2879488 F:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 F:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"nTuneService"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"F:\\WINDOWS\\system32\\PnkBstrA.exe"=
"F:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"F:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\Program Files\\Microsoft XNA\\XNA Game Studio Express\\v1.0\\Tools\\XNARPM.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"F:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:xboxlive1
"88:UDP"= 88:UDP:xboxlive2
"3330:UDP"= 3330:UDP:xboxlive3
"3074:TCP"= 3074:TCP:xboxlive4
"3074:UDP"= 3074:UDP:xboxlive5

R0 DigiFilter;DigiFilter;F:\WINDOWS\system32\drivers\DigiFilt.sys [2006-02-15 00:29]
R0 Si3531;SiI-3531 SATA Controller;F:\WINDOWS\system32\DRIVERS\Si3531.sys [2007-06-01 19:29]
R2 SBKUPNT;SBKUPNT;F:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
R2 SQLWriter;SQL Server VSS Writer;"F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;F:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 01:31]
S3 dalwdmservice;dal service;F:\WINDOWS\system32\drivers\dalwdm.sys [2006-02-14 23:17]
S3 USB44LDR;M-Audio USB MidiSport 4x4 Loader;F:\WINDOWS\system32\drivers\usb44ldr.sys [2007-07-30 21:18]
S3 USBMN4X4;M-Audio USB MidiSport 4x4;F:\WINDOWS\system32\drivers\usbmn4x4.sys [2007-07-30 21:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e3d7083-3b4c-11dc-8190-806d6172696f}]
\Shell\AutoRun\command - T:\Setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"F:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 08:31:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-16 8:37:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 12:37:46
ComboFix2.txt 2008-04-16 00:25:23

Pre-Run: 23,283,679,232 bytes free
Post-Run: 23,269,298,176 bytes free
.
2008-04-16 00:29:46 --- E O F ---

#27
miekiemoes

    Malware Expert
This looks OK now.

but I don't have time to try to install java again because I have class. I'll get it done when I get back later today.

That's OK. I'll read you later.

* Go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

#28
Feanorfenwe

    Member

  • Topic Starter
My desktop is suddenly acting weird. All my desktop shortcuts disappeared and it is very slow whenever I try to do properties or something.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:27 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\DAEMON Tools Lite\daemon.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Digidesign\Drivers\MMERefresh.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\svchost.exe
f:\program files\avira\antivir personaledition classic\avcenter.exe
F:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\CF24037.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MacDrive7.0.4TimeOutPatch] F:\Program Files\Mediafour\MacDrive 7\TimeOutPatch.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185412818126
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185413417030
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6508 bytes




Avira AntiVir Personal
Report file date: Saturday, April 19, 2008 13:23

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JUSTINS

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 4/11/2008 19:41:24
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 4/18/2008 23:58:46
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 4/18/2008 23:58:51
AESCN.DLL : 8.1.0.14 119156 Bytes 4/18/2008 23:58:50
AERDL.DLL : 8.1.0.19 418164 Bytes 4/7/2008 21:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 4/18/2008 23:58:50
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 4/18/2008 23:58:49
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 4/15/2008 19:41:56
AEHELP.DLL : 8.1.0.14 115063 Bytes 4/18/2008 23:58:48
AEGEN.DLL : 8.1.0.17 299380 Bytes 4/18/2008 23:58:47
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 21:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 4/18/2008 23:58:47
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: f:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, April 19, 2008 13:23

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'MMERefresh.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\47262cb29dd4daf3b6b9af65cdb8fee0\update\update.exe
[WARNING] The file could not be opened!
D:\6664db0bee2401874ff02c7b46edd8\update\update.exe
[WARNING] The file could not be opened!
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\'
F:\pagefile.sys
[WARNING] The file could not be opened!
F:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'G:\'
G:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'H:\'
H:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'I:\'
I:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: Saturday, April 19, 2008 13:55
Used time: 32:40 min

The scan has been done completely.

11651 Scanning directories
274394 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
10 Files cannot be scanned
274394 Files not concerned
3473 Archives were scanned
10 Warnings
0 Notes

#29
miekiemoes

    Malware Expert
Strange.. but if your desktop shortcuts suddenly disappeared, then it could indeed be because of a corrupted user account.
Because this may happen if a user account got corrupted and runs under a temporary account with only system privileges.. and that may explain your previous problems as well.

Can you create a new user profile with admin privileges please?

Let me know if the problem is still there as well.

#30
Feanorfenwe

    Member

  • Topic Starter
Hey, I did create a new user account and the desktop is fine, but I am still having loads of problems with Windows Installer that started when I got the malware. Now the installer opens whenever I open a program like Word or iTunes. It won't even let me open iTunes because I get a warning saying that the installer could not be accessed. I have done all the stuff on the Microsoft support site and it has been of no help.

Edit: Just thought that I should mention as well that when I go to Start, Run, and then services.msc, it says that the installer is not started and will not let me start it. When I try to, I get a 1067 error.


Here is another HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:13 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Digidesign\Drivers\MMERefresh.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MacDrive7.0.4TimeOutPatch] F:\Program Files\Mediafour\MacDrive 7\TimeOutPatch.EXE
O4 - HKLM\..\Run: [DigidesignMMERefresh] F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] F:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185412818126
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185413417030
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - F:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6286 bytes

Edited by Feanorfenwe, 24 April 2008 - 03:40 PM.
