Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Security Center Virus [RESOLVED]


  • This topic is locked This topic is locked

#16
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Attached is the dss-logg.

Thanks again, looking forward to next reply :-)

Attached Files

  • Attached File  dss.txt   19.73KB   143 downloads

  • 0

Advertisements


#17
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Now, tell me about your computer behaviour..
  • 0

#18
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ignore this post!!!

Edited by traktor, 27 June 2008 - 03:54 AM.

  • 0

#19
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Ignore this post!!!


Ok.. waiting for your Kaspersky Webscanner log..
  • 0

#20
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 27, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 27, 2008 09:40:31
Records in database: 888160
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 162819
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 03:12:04


File name / Threat name / Threats count
C:\download\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\download\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
D:\Utorrent\ferdige\MIRC.v6.31-Lz0\crack\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
D:\Utorrent\ferdige\MIRC.v6.31-Lz0\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

The selected area was scanned.
  • 0

#21
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Good news for you.. Your log is clean to my eyes..


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

    Posted Image




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have next icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


I noticed that you already have:
1. Norman Security Suite consisting of your Antivirus and Firewall
2. Malwarebytes' Anti-Malware as your antispyware


Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Edited by fenzodahl512, 27 June 2008 - 10:19 PM.

  • 0

#22
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi!
My PC is still very slow, and often my internal disk is working like crazy, for an hour. Without me running any programs. I have uncheck auto scan from Norman etc, so its just going there on its own.
And my firewall warns me all the time now about Windows_Audio_Device_Graph_Isolation that tries to connects to Internet through both Skype, Msn, Firefox, YOU NAME IT!
What is that?
Maybe I should change to Mac next time? I am so tired of virus, spyware and so on.
My PC takes like 4 minutes to re-start. Thats way more than my first PC in 1988.

But thanks again for all your friendly help. Really amazing!!!

Traktor
  • 0

#23
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Hi!
My PC is still very slow, and often my internal disk is working like crazy, for an hour. Without me running any programs. I have uncheck auto scan from Norman etc, so its just going there on its own.
And my firewall warns me all the time now about Windows_Audio_Device_Graph_Isolation that tries to connects to Internet through both Skype, Msn, Firefox, YOU NAME IT!
What is that?
Maybe I should change to Mac next time? I am so tired of virus, spyware and so on.
My PC takes like 4 minutes to re-start. Thats way more than my first PC in 1988.

But thanks again for all your friendly help. Really amazing!!!

Traktor



Wow... Your final DSS log dated 26 June looks clean to my eyes.. Let see a fresh DSS log again for me to review..
  • 0

#24
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here it is:

You are really amazing with all the help!!! :-)

Deckard's System Scanner v20071014.68
Run by ennitti on 2008-07-02 18:13:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.32 GiB (less than 15%) free.


-- HijackThis (run as ennitti.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:55 PM, on 7/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Ngs\bin\NPROSEC.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\npf\bin\npfsvc32.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Norman\npf\bin\npfuser.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Bridge Base Online\NetBridgeVu.exe
C:\download\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ennitti.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ennitti.com/7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Mobilt Kontor.lnk = C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\bin\NPROSEC.EXE
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9902 bytes

-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-06-28 15:47:44 0 d-------- C:\Program Files\Common Files\Java
2008-06-27 01:13:29 16384 --a------ C:\Windows\system32\sqlite3_mod_impexp.dll
2008-06-27 01:13:29 6144 --a------ C:\Windows\system32\sqlite3_mod_fts3.dll
2008-06-27 01:13:29 46080 --a------ C:\Windows\system32\sqlite3_mod_blobtoxy.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite3 3.5.4>
2008-06-27 01:13:28 369664 --a------ C:\Windows\system32\sqliteodbcu.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite 2.8.17>
2008-06-27 01:13:28 360960 --a------ C:\Windows\system32\sqliteodbc.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite 2.8.17>
2008-06-27 01:13:28 441344 --a------ C:\Windows\system32\sqlite3odbc.dll <Not Verified; Christian Werner Software & Consulting; ODBC Driver for SQLite3 3.3.7>
2008-06-27 01:13:26 0 d-------- C:\Program Files\SQLite ODBC Driver
2008-06-26 23:55:43 0 d-------- C:\Microgaming
2008-06-15 13:23:45 1438178 --a------ C:\SDFix.exe
2008-06-10 12:56:33 0 d-------- C:\MSNCleaner
2008-06-09 17:38:06 0 d-------- C:\Users\All Users\Malwarebytes
2008-06-09 17:38:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 12:42:42 0 d-------- C:\Program Files\Trend Micro
2008-06-09 11:59:18 286090 --a------ C:\Pass2.cmd
2008-06-09 11:57:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-06-09 11:57:34 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-09 11:57:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-09 11:57:34 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-09 11:57:34 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-09 11:57:34 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-09 11:57:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-06-09 11:57:34 82944 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-09 11:40:46 0 d-------- C:\Program Files\Quick StartUp
2008-06-09 11:40:13 5092 --a------ C:\Windows\system32\tmp.reg
2008-06-09 11:24:22 0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-06-09 10:39:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-09 00:54:36 0 d-------- C:\Windows\system32\7951
2008-06-07 04:10:09 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-07-02 02:33:09 0 d-------- C:\Users\ennitti\AppData\Roaming\Skype
2008-07-02 01:13:21 0 d-------- C:\Users\ennitti\AppData\Roaming\skypePM
2008-07-01 22:10:04 1598 --a------ C:\Users\ennitti\AppData\Roaming\wklnhst.dat
2008-07-01 19:50:39 54503 --a------ C:\Users\ennitti\AppData\Roaming\nvModes.dat
2008-07-01 19:50:39 54503 --a------ C:\Users\ennitti\AppData\Roaming\nvModes.001
2008-07-01 10:13:03 452704 --a------ C:\Windows\system32\perfh014.dat
2008-07-01 10:13:03 76640 --a------ C:\Windows\system32\perfc014.dat
2008-07-01 09:43:26 0 d-------- C:\Program Files\Norman
2008-07-01 02:42:28 2484 --a------ C:\Windows\bthservsdp.dat
2008-07-01 02:41:09 0 d-------- C:\Users\ennitti\AppData\Roaming\uTorrent
2008-06-30 14:44:17 0 d-------- C:\Program Files\Poker Tracker V2
2008-06-29 01:40:18 0 d-------- C:\Users\ennitti\AppData\Roaming\Microgaming
2008-06-28 20:14:56 0 d-------- C:\Program Files\CONEXANT
2008-06-28 16:14:19 0 d-------- C:\Users\ennitti\AppData\Roaming\Mozilla
2008-06-28 15:49:27 0 d-------- C:\Program Files\Java
2008-06-28 15:47:44 0 d-------- C:\Program Files\Common Files
2008-06-26 14:47:42 0 d-------- C:\Program Files\SunPoker.com
2008-06-26 13:30:05 0 d-------- C:\Program Files\PokerStars
2008-06-25 23:57:43 0 d-------- C:\Program Files\Betsafe Poker
2008-06-24 10:29:49 0 d-------- C:\Users\ennitti\AppData\Roaming\mIRC
2008-06-24 10:29:08 0 d-------- C:\Program Files\mIRC
2008-06-23 00:29:11 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-19 01:24:26 0 d-------- C:\Program Files\InterPoker
2008-06-12 16:40:58 0 d-------- C:\Program Files\DivX
2008-06-10 06:09:46 0 d-------- C:\Program Files\Windows Mail
2008-06-09 17:38:09 0 d-------- C:\Users\ennitti\AppData\Roaming\Malwarebytes
2008-05-31 01:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 21:38:52 0 d-------- C:\Program Files\PokerStove
2008-05-23 00:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-15 14:35:49 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 17:34:06 0 d-------- C:\Program Files\TmNationsForever
2008-05-11 01:18:53 0 d-------- C:\Program Files\Recover Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/13/2007 05:36 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [07/09/2007 04:57 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/09/2007 04:57 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/09/2007 04:57 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM]
"Norman ZANDA"="C:\Program Files\Norman\Npm\Bin\ZLH.exe" [06/02/2008 09:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 02:36 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/29/2007 2:11:50 PM]
Mobilt Kontor.lnk - C:\Program Files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [5/10/2007 10:38:58 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\.\start.bat


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-02 18:14:50 ------------
  • 0

#25
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please show hidden files and folders. Please visit HERE if you don't know how.


Then, tell me what can you see inside this folder.. Don't delete it.. Just tell me what you see inside it..

C:\Windows\system32\7951


Apart from that, your log looks clean to my eyes..


And my firewall warns me all the time now about Windows_Audio_Device_Graph_Isolation that tries to connects to Internet through both Skype, Msn, Firefox, YOU NAME IT!



About your Norman firewall, I don't know why it is behave like that..

Google found me these...

http://www.liutiliti...ibrary/audiodg/

http://www.hardforum...hp?p=1031018340

http://www.vistax64....udiodg-exe.html

http://www.vistahead...nce-issues.html

http://blogs.msdn.co...udiodg-exe.aspx



So, I stongly believe it is not related with Virus/Malware.. Maybe some updates by Microsoft (for your audio) but honestly I'm not sure..

Please seek further assistance at our Windows Vista forum.. Tell them about your problem and tell them that I send you there..




Please also read an excellent article by miekiemoes :Help! My computer is slow!



Regards
fenzodahl512
  • 0

Advertisements


#26
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
~!6619p.spt
Size: 476 byte

Thats the only file inside the folder C:\Windows\System32\7951
  • 0

#27
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
http://www.liutiliti...ibrary/audiodg/


I tried the link you gave me, and started a register scan, but I am not sure if its a serious site, bcs it counted over 100 register errors, so I stopped the scan. So many fake site out there that I was unsure if I should click the fix button.
  • 0

#28
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

http://www.liutiliti...ibrary/audiodg/


I tried the link you gave me, and started a register scan, but I am not sure if its a serious site, bcs it counted over 100 register errors, so I stopped the scan. So many fake site out there that I was unsure if I should click the fix button.



Err... Sorry.. The link I provide is just for your review.. I don't ask you to download and run their programs whatsoever.. Please don't do that yet..

Quote from the site..

Windows errors related to audiodg.exe?

audiodg.exe is a Windows Audio Device Graph Isolation from Microsoft Corporation belonging to Microsoft® Windows® Operating System. It is part of Windows and ensures that the content and plug-ins are not modified by another application such as spyware.




Please manually delete that folder C:\Windows\system32\7951


Other than that, your log looks clean to my eyes...


As I mentioned before, your current Windows_Audio_Device_Graph_Isolation problem is not related with Malware... And I strongly suggest you to seek further assistance at our Windows Vista forum.. (since you use Vista..)


Link below:

http://www.geekstogo...-Vista-f79.html


Regards
fenzodahl512

Edited by fenzodahl512, 03 July 2008 - 02:19 AM.

  • 0

#29
traktor

traktor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yes, have contacted your vista forum, looking forward for a reply there.

Have removed the folder C:\Windows\system32\7951

Thanks again!!!

Edited by traktor, 03 July 2008 - 04:24 AM.

  • 0

#30
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP