Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System auto shuts down while scanning for virus [RESOLVED]


  • This topic is locked This topic is locked

#16
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello... i did the online scan with Kaspersky, but the system was shut down also during the scan. :)
Please help...

Thank you...
  • 0

Advertisements


#17
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey samsungR50,

It is possible that KAV is conflicting with your Antivirus software.

Could you try this.

First,

DISABLE AVIRA ANTIVIR


Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Then,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Once done,

Re-enable AVIRA then post back with the log.

Edited by koko_crunch, 07 June 2008 - 02:35 PM.

  • 0

#18
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi koko_crunch. I have desactivated all the anti virus, anti malware..., before running the scan. but the system always auto shuts down during the scan. :) :)
  • 0

#19
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hmmm, that's really strange.

Let's try to figure out what causing the issues.

First, Disable auto restart.

1. Right-Click on "My Computer", and click "Properties" from the context menu that appears.
2. Click on the "Advanced" tab.
3. Click on "Settings" under "Startup and Recovery" (see screenshot).
4. Uncheck the box labeled "Automatic Restart".

Then,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Panda ActiveScan 2.0

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Panda Security

Next,

Download CCleaner
  • then Install.
    • Double click on CCleaner on your desktop.
    • Click on the Cleaner tab >> then select Analyze (wait for it to finish) >> then press Run Cleaner
    • Once complete, click on the Registry tab >> Scan for issues (again, wait for it to finish)
    • When done, click on Fix selected issues.
    • You will then receive a prompt asking you, "Do you want to back up your registry?"
    • Click on Yes then Save.
    • Another prompt will appear >> choose Fix all issues then exit.

    Then,

    Please do an online scan with Kaspersky WebScanner

    Click on Accept

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:[list]
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

There is a possibility that your system may get a blue screen error while performing the scan. Please take note of the error code and message. When done, reboot computer.

Then,

Click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Add/remove programs and "Event logs"
click Scan
DSS will now run again when finished
Please post back extra txt along with error code during restart (if any).
  • 0

#20
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello... it still the same... i have done as per instructed... but when it comes to scan, and at about 8% of process, the system always auto shut down... it is really strange...!!! :) :) :)
  • 0

#21
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
No error codes?

Also you forgot to post the new extra.txt
  • 0

#22
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello... sorry i forgot!!!

No, there was no any error message when the system shuts down and during restart. It is very suddently shut down and nothing seems to happen when i restart the system.

Here is the extra file. (i also include the main file in case that u may need it)

1. Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD4F051C-1A2B-4A91-B187-B093C597418C}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Concise Oxford English Dictionary (Eleventh Edition) --> C:\Program Files\COED11\Uninstal.exe
Désinstaller Le Petit Robert de la langue française --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Le Robert\Le Petit Robert\Uninst.isu"
Free Easy Burner V 3.8 --> "C:\Program Files\Free Easy Burner\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
New Khmer Dictionary --> C:\WINDOWS\unvise32.exe C:\Program Files\New Khmer Dictionary\uninstal.log
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia NSeries Application Installer --> MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier --> MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries System Utilities --> MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Software Launcher --> MsiExec.exe /I{B53F4598-B3D9-41DF-911E-523FA91EE464}
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
SENS LT56ADW Modem --> agrsmdel
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TrueCrypt --> "C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
VoipStunt --> "C:\Program Files\VoipStunt.com\VoipStunt\unins000.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WOW XT and TSXT Filter Driver --> MsiExec.exe /X{AAB9478F-DE6B-498B-9420-21E1F1AC700D}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type677 / Warning
Event Submitted/Written: 06/08/2008 08:25:19 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/PSW.OnlineGames.aleuF:\jdwx.exe

Event Record #/Type628 / Error
Event Submitted/Written: 06/06/2008 11:37:44 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module kavwebscan.dll, version 5.0.98.0, fault address 0x0000540a.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type586 / Warning
Event Submitted/Written: 06/05/2008 08:00:50 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\System Volume Information\_restore{BF80532B-0258-4063-9A49-EE9E0AD2B7BA}\RP36\A0004276.dll

Event Record #/Type575 / Warning
Event Submitted/Written: 06/04/2008 06:39:53 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll

Event Record #/Type491 / Warning
Event Submitted/Written: 05/31/2008 11:53:17 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2260 / Error
Event Submitted/Written: 06/09/2008 05:55:47 AM / 06/09/2008 05:56:16 AM
Event ID/Source: 4307 / NetBT
Event Description:
Initialization failed because the transport refused to open initial Addresses.

Event Record #/Type2248 / Error
Event Submitted/Written: 06/09/2008 05:56:12 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type2247 / Error
Event Submitted/Written: 06/09/2008 05:56:12 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type2246 / Error
Event Submitted/Written: 06/09/2008 05:56:12 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type2222 / Error
Event Submitted/Written: 06/08/2008 11:54:50 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.



-- End of Deckard's System Scanner: finished at 2008-06-09 06:24:44 ------------


2. Main.txt

Deckard's System Scanner v20071014.68
Run by Public on 2008-06-09 06:23:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Public.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:23, on 2008-06-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Public\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Public.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8609 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-08 11:30:14 0 dr-h----- C:\Documents and Settings\Public\Recent
2008-06-08 11:28:27 0 d-------- C:\Program Files\CCleaner
2008-06-07 23:17:09 0 d-------- C:\Program Files\Common Files\PCSuite
2008-06-07 23:17:09 0 d-------- C:\Program Files\Common Files\Nokia
2008-06-07 23:16:04 0 d-------- C:\Program Files\PC Connectivity Solution
2008-06-06 10:04:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-06 10:04:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-06 06:56:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-06 06:56:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware <MALWAR~1>
2008-06-05 07:19:46 0 d-------- C:\Program Files\Java
2008-06-05 07:19:43 0 d-------- C:\Program Files\Common Files\Java
2008-06-02 10:52:15 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-02 07:42:14 0 d-------- C:\Documents and Settings\Public\Application Data\WinRAR
2008-05-31 21:04:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-31 21:04:04 0 d-------- C:\Program Files\SUPERAntiSpyware <SUPERA~1>
2008-05-31 21:04:04 0 d-------- C:\Documents and Settings\Public\Application Data\SUPERAntiSpyware.com
2008-05-31 19:57:22 0 d-------- C:\Documents and Settings\Public\Application Data\Malwarebytes
2008-05-31 19:57:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-31 19:54:21 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-31 10:44:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-31 08:39:58 0 d-------- C:\WINDOWS\Sun
2008-05-31 08:39:57 0 d-------- C:\Documents and Settings\Public\Application Data\Sun
2008-05-31 05:06:55 44544 --a------ C:\WINDOWS\system32\GIF89.DLL <Not Verified; ; Gif89 Module>
2008-05-31 05:06:53 348160 --a------ C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL>
2008-05-31 05:06:53 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-05-31 05:06:53 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-05-31 05:06:53 1212416 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL>
2008-05-31 05:06:53 1986560 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2008-05-31 05:06:52 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-05-31 05:06:52 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-31 05:06:52 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-05-31 05:06:52 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-31 05:06:52 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-05-31 05:06:51 0 d-------- C:\Program Files\Free Easy Burner
2008-05-31 04:37:07 0 d-------- C:\Program Files\Common Files\L&H
2008-05-31 04:36:50 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 04:36:31 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-31 04:35:30 0 d-------- C:\Program Files\Microsoft Works
2008-05-31 04:34:46 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-31 04:27:14 0 d-------- C:\Program Files\Le Robert
2008-05-31 04:26:59 305664 --a------ C:\WINDOWS\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-31 04:26:01 0 d-------- C:\Program Files\COED11
2008-05-31 04:25:19 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-31 04:25:16 0 d-------- C:\Program Files\New Khmer Dictionary
2008-05-31 04:23:33 25808 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2008-05-31 04:23:33 0 d-------- C:\LAROUSSE
2008-05-31 04:23:22 0 d-------- C:\Documents and Settings\Public\WINDOWS
2008-05-31 04:07:05 0 d-------- C:\Documents and Settings\Public\Application Data\Media Player Classic
2008-05-31 04:06:39 157696 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-31 04:06:29 568850 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-05-31 04:06:29 286720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-05-31 04:06:29 1024000 --a------ C:\WINDOWS\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-05-31 04:06:28 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-05-31 04:06:27 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-31 04:06:27 856064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-31 04:06:27 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-31 04:06:25 619156 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 04:06:24 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 04:06:22 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 04:05:33 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-31 04:05:32 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-05-31 04:05:31 0 d-------- C:\Program Files\PDFCreator
2008-05-31 04:04:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-31 04:03:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 19:52:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-29 11:40:40 0 d-------- C:\Program Files\MSXML 4.0
2008-05-29 11:06:50 0 d-------- C:\Documents and Settings\Public\Application Data\VoipStunt
2008-05-29 11:06:11 0 d-------- C:\Program Files\VoipStunt.com
2008-05-29 10:09:26 0 d-------- C:\Documents and Settings\Public\Application Data\NSeries
2008-05-29 09:44:44 0 d-------- C:\WINDOWS\network diagnostic
2008-05-29 09:21:36 0 d-------- C:\77b71b88c5deaebd98026c86806855bc
2008-05-29 08:42:36 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 07:04:23 0 d-------- C:\Documents and Settings\Public\Application Data\Yahoo!
2008-05-29 07:02:24 0 d-------- C:\Program Files\Trend Micro
2008-05-29 06:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-29 06:44:17 0 d-------- C:\Program Files\Yahoo!
2008-05-28 20:30:12 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-28 20:30:09 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 20:01:48 0 d--hs---- C:\Documents and Settings\Public\UserData
2008-05-28 20:01:09 0 d-------- C:\Documents and Settings\Public\Application Data\Adobe
2008-05-28 19:59:09 0 d-------- C:\Documents and Settings\Public\Application Data\Macromedia
2008-05-28 16:45:56 0 d-------- C:\Program Files\Avira
2008-05-28 16:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-28 15:51:04 0 d-------- C:\Documents and Settings\Public\Application Data\Identities
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\Templates
2008-05-28 15:50:54 0 dr------- C:\Documents and Settings\Public\Start Menu
2008-05-28 15:50:54 0 dr-h----- C:\Documents and Settings\Public\SendTo
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\PrintHood
2008-05-28 15:50:54 2621440 --ah----- C:\Documents and Settings\Public\NTUSER.DAT
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\NetHood
2008-05-28 15:50:54 0 dr------- C:\Documents and Settings\Public\My Documents
2008-05-28 15:50:54 0 d--h----- C:\Documents and Settings\Public\Local Settings
2008-05-28 15:50:54 0 dr------- C:\Documents and Settings\Public\Favorites
2008-05-28 15:50:54 0 d-------- C:\Documents and Settings\Public\Desktop
2008-05-28 15:50:54 0 d--hs---- C:\Documents and Settings\Public\Cookies
2008-05-28 15:50:54 0 dr-h----- C:\Documents and Settings\Public\Application Data
2008-05-28 15:49:18 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-28 15:49:16 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 15:49:15 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-28 15:49:14 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-28 15:49:14 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-28 15:49:14 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-28 15:49:14 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-28 15:49:14 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-28 15:48:56 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-28 15:48:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-28 15:48:56 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-28 15:48:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-28 15:48:56 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-28 15:44:58 0 d-------- C:\WINDOWS\system32\xircom
2008-05-28 15:44:57 0 d-------- C:\Program Files\microsoft frontpage
2008-05-28 15:44:40 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-28 15:44:32 0 -rahs---- C:\MSDOS.SYS
2008-05-28 15:44:32 0 -rahs---- C:\IO.SYS
2008-05-28 15:44:32 0 --a------ C:\CONFIG.SYS
2008-05-28 15:44:32 0 --a------ C:\AUTOEXEC.BAT
2008-05-28 15:43:15 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-28 15:43:03 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-28 15:43:03 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-28 15:42:49 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-28 15:42:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-28 15:41:47 0 d---s---- C:\WINDOWS\Tasks
2008-05-28 15:41:46 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-28 15:41:42 0 d-------- C:\WINDOWS\srchasst
2008-05-28 15:41:41 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-28 15:41:31 0 d-------- C:\Program Files\Movie Maker
2008-05-28 15:41:21 0 d-------- C:\WINDOWS\system32\Restore
2008-05-28 15:40:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-28 15:40:10 0 d-------- C:\WINDOWS\Registration
2008-05-28 15:40:00 0 d-------- C:\Program Files\Online Services
2008-05-28 15:39:53 0 d-------- C:\Program Files\Messenger
2008-05-28 15:39:49 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-28 15:39:05 0 d-------- C:\Program Files\Windows NT
2008-05-28 15:39:02 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-28 15:39:00 0 d-------- C:\WINDOWS\system32\Com
2008-05-28 12:14:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-28 11:37:23 0 d-------- C:\Documents and Settings\Public\Bluetooth Software
2008-05-28 11:35:13 0 d-------- C:\Program Files\WIDCOMM
2008-05-28 11:33:57 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-28 11:33:23 0 d-------- C:\Documents and Settings\Public\Application Data\Nokia
2008-05-28 11:33:22 0 d-------- C:\Program Files\DIFX
2008-05-28 11:32:51 0 d-------- C:\Documents and Settings\Public\Application Data\PC Suite
2008-05-28 11:32:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-28 11:32:38 0 d-------- C:\Program Files\Nokia
2008-05-28 11:31:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-28 10:39:42 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-05-28 10:39:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 10:34:57 0 d-------- C:\Documents and Settings\Public\Application Data\Intel
2008-05-28 10:34:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-28 10:33:13 1671168 --a------ C:\WINDOWS\system32\W29MLRES.DLL <Not Verified; Intel Corporation; Intel® PRO/Wireless 2915ABG Network Connection>
2008-05-28 09:40:32 0 d-------- C:\Program Files\TrueCrypt
2008-05-28 09:40:19 0 d-------- C:\Documents and Settings\Public\Application Data\TrueCrypt
2008-05-28 09:17:29 0 d-------- C:\Documents and Settings\Public\Application Data\Help
2008-05-28 09:15:52 0 d-------- C:\Program Files\ltmoh
2008-05-28 09:15:35 0 d-------- C:\WINDOWS\Options
2008-05-28 09:14:31 0 d-------- C:\Program Files\ATI Technologies
2008-05-28 09:09:30 0 d-------- C:\Program Files\Intel
2008-05-28 09:08:52 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-28 09:06:34 0 d-------- C:\Program Files\SRS Labs
2008-05-28 09:05:46 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-05-28 09:05:46 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-05-28 09:05:45 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-05-28 09:05:45 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-05-28 09:05:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-28 09:05:45 0 d-------- C:\Program Files\Analog Devices
2008-05-28 09:05:36 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-28 08:48:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-28 08:48:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-28 08:48:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-28 08:48:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-28 08:48:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-28 08:48:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-28 08:48:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-28 08:48:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-28 08:48:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-28 08:48:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-28 08:48:35 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-28 08:33:40 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-28 08:33:40 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-28 08:33:40 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-28 08:33:40 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-28 08:33:40 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-28 08:33:40 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-28 08:33:40 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-28 08:33:40 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-28 08:33:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-28 08:33:09 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-28 08:33:08 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-28 08:33:08 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-28 08:27:51 0 d--hs---- C:\WINDOWS\Installer
2008-05-28 08:27:50 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-28 08:27:44 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-28 08:27:43 0 dr------- C:\Program Files
2008-05-28 08:27:43 0 d-------- C:\Program Files\Common Files
2008-05-28 08:26:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-28 08:26:47 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-28 08:25:28 0 d-------- C:\Documents and Settings
2008-05-28 08:25:27 0 d--hs---- C:\System Volume Information
2008-05-28 08:06:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\WinSxS
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\twain_32
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\usmt
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\oobe
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\mui
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\IME
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\export
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\3076
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\2052
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1054
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1042
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1041
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1037
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1033
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1031
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1028
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\system32\1025
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\Resources
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\Provisioning
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\PeerNet
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\pchealth
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\mui
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\msapps
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\ime
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\ehome
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\Debug
2008-05-27 12:42:01 0 d-------- C:\WINDOWS\AppPatch
2008-05-27 12:42:00 0 d-------- C:\WINDOWS
2008-05-27 12:42:00 0 dr------- C:\WINDOWS\Web
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\wins
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\wbem
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\spool
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\Setup
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\ras
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\npp
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\ias
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\drivers
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-27 12:42:00 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system32\config
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\system
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\security
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\repair
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\msagent
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Media
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\java
2008-05-27 12:42:00 0 d--h----- C:\WINDOWS\inf
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Help
2008-05-27 12:42:00 0 dr--s---- C:\WINDOWS\Fonts
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Driver Cache
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Cursors
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\Config
2008-05-27 12:42:00 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-05-28 08:33:40 62 --ahs---- C:\Documents and Settings\Public\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 21:05]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 19:01 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 17:37]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 07:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 12:26]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-06 07:33]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-27 17:43:30]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-06 07:33 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-06-06 07:33 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}]
AutoRun\command- F:\jdwx.exe
explore\Command- F:\jdwx.exe
open\Command- F:\jdwx.exe




-- End of Deckard's System Scanner: finished at 2008-06-09 06:24:44 ------------
  • 0

#23
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Strange really... Let's see what we can dig up.

First,

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Then,

1. Open Notepad, then copy and paste text in codebox.

@ECHO OFF
echo Searching please wait....
(@echo off
For %%i in (%windir%\system32) do findstr /M "WinShutdown" %%i\*.sys
For %%i in (%windir%\system32) do findstr /M "WinShutdown" %%i\*.exe
)>logit.txt 2>&1
Start logit.txt

2. Click Save As under File menu then Set file types to All
3. Type filename as search.bat
4. Double click to execute then paste log on next reply.

Logs required on next post. Please make sure your logs doesn't get cut off.

- OtscanIT log
- search.bat log
  • 0

#24
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello here is the file from OTscanit.

Sorry i miss the second task, about search.dat?

I open notpad, and copy the below text and then save as search.dat;;;; but when i double click to run it, an error message appears saying that it is not a valid win32 application. did i do something wrong?

@ECHO OFF
echo Searching please wait....
(@echo off
For %%i in (%windir%\system32) do findstr /M "WinShutdown" %%i\*.sys
For %%i in (%windir%\system32) do findstr /M "WinShutdown" %%i\*.exe
)>logit.txt 2>&1
Start logit.txt

Attached Files


  • 0

#25
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
sorry;;; i finally can run the file search.dat, when i save it in the OTscanit folder. but the result in the file logit.txt is blank. there is no any text inside...
  • 0

Advertisements


#26
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok let's try this and see if it works.

First,

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Driver Services - Non-Microsoft Only]
NY -> (ADDMEM) ADDMEM [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Public\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
NY -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL []
< Drives - Autoruns > -> 
NY -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ccsetup208.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SFTPMSI.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\stay anchorage.tif:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\TTPod_s60v3x_3[1].0.0.rar:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\When fuel prices go High.wmv:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\wrar371.exe:Zone.Identifier
[Files/Folders - Modified Within 30 days]
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ccsetup208.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SFTPMSI.exe:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\stay anchorage.tif:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\TTPod_s60v3x_3[1].0.0.rar:Zone.Identifier
[Extra Files]
F:\jdwx.exe
[Extra Registry Entries]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5005506-2d0e-11dd-bd34-9d59d375d30a}]  -> 
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Then,

Update Antivir.
Go to quarantine and delete all files found on that section.

Next,

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Finally,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Logs required on next post.
- OTscanit log
- Kaspersky log (if any)
  • 0

#27
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

sorry;;; i finally can run the file search.dat, when i save it in the OTscanit folder. but the result in the file logit.txt is blank. there is no any text inside...


Also, you seemed to have ran the wrong file. Could you please redo this and post back with the log.

1. Open Notepad, then copy and paste text in codebox.

@ECHO OFF
echo Searching please wait....
(@echo off
For %%i in (%windir%\system32) do findstr /M "WinShutdown" %%i\*.sys
For %%i in (%windir%\system32) do findstr /M "WinShutdown" %%i\*.exe
)>logit.txt 2>&1
Start logit.txt

2. Click Save As under File menu then Set file types to All
3. Type filename as "search.bat" and save to your desktop.
4. Double click to execute then paste log on next reply. Logit.txt should be located on your desktop.

Edited by koko_crunch, 11 June 2008 - 07:24 PM.

  • 0

#28
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello... after fixing with OTscanIt, the online scan by kaspersky is finally successful, but there was not any detection. I then tried the complete scan with Avira Antivir to see if the problem was solved, but the system still shuts down during the scan. :) :)

It is really strange.

Here is the log file of OTscanIt.

As for the search.bat scan, the file name logit.txt is still empty after the scan.

Thank you.

[Driver Services - Non-Microsoft Only]
Service ADDMEM stopped successfully.
Service ADDMEM deleted successfully.
File C:\DOCUME~1\Public\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL moved successfully.
C:\AUTOEXEC.BAT moved successfully.
[Files Created - Additional Folder Scans - Non-Microsoft Only]
ADS C:\Documents and Settings\Public\Desktop\ATF-Cleaner.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\ccsetup208.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\dss.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\mbam-setup.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\OTMoveIt2.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\OTScanIt.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\SFTPMSI.exe:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\stay anchorage.tif:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\TTPod_s60v3x_3[1].0.0.rar:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\When fuel prices go High.wmv:Zone.Identifier deleted successfully.
ADS C:\Documents and Settings\Public\Desktop\wrar371.exe:Zone.Identifier deleted successfully.
[Files/Folders - Modified Within 30 days]
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Unable to delete ADS C:\Documents and Settings\Public\Desktop\ATF-Cleaner.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\ccsetup208.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\dss.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\mbam-setup.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\OTMoveIt2.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\OTScanIt.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\SFTPMSI.exe:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\stay anchorage.tif:Zone.Identifier .
Unable to delete ADS C:\Documents and Settings\Public\Desktop\TTPod_s60v3x_3[1].0.0.rar:Zone.Identifier .
[Extra Files]
< F:\jdwx.exe >
File/Folder F:\jdwx.exe not found.
[Extra Registry Entries]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Public\Local Settings\Temp\Perflib_Perfdata_540.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.12 fix logfile created on 06112008_110537

Files moved on Reboot...
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
File C:\Documents and Settings\Public\Local Settings\Temp\Perflib_Perfdata_540.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

Edited by samsungR50, 11 June 2008 - 07:58 PM.

  • 0

#29
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey samsung,

Did you try to run the batch file again? If not, please do then post back with logit.txt.

koko


As for the search.bat scan, the file name logit.txt is still empty after the scan.


Sorry... :)

Edited by koko_crunch, 12 June 2008 - 12:03 AM.

  • 0

#30
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
**revised: please refer to next post **

Edited by koko_crunch, 12 June 2008 - 12:14 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP