Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My internet Explorer won't load... [RESOLVED]


  • This topic is locked This topic is locked

#1
Roman Pope

Roman Pope

    Member

  • Member
  • PipPipPip
  • 103 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32, on 2008-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\VundoFix.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vif.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{7A-A2-2B-B5-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190595128265
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortuneloung...ic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E127CF-79A1-4567-A963-D2AACDBEACCC}: NameServer = 192.168.0.1
O20 - Winlogon Notify: khfebxw - khfebxw.dll (file missing)
O21 - SSODL: zip - {c58386e7-0d45-46ec-9081-45f33699bdfc} - C:\WINDOWS\Installer\{c58386e7-0d45-46ec-9081-45f33699bdfc}\zip.dll (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7516 bytes
  • 0

Advertisements


#2
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18, on 2008-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vif.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{7A-A2-2B-B5-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190595128265
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortuneloung...ic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E127CF-79A1-4567-A963-D2AACDBEACCC}: NameServer = 192.168.0.1
O20 - Winlogon Notify: khfebxw - khfebxw.dll (file missing)
O21 - SSODL: zip - {c58386e7-0d45-46ec-9081-45f33699bdfc} - C:\WINDOWS\Installer\{c58386e7-0d45-46ec-9081-45f33699bdfc}\zip.dll (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7487 bytes
  • 0

#3
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT



Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Please post the following logs in your next reply.. Post each log in separate post..

1. SDFix
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512
  • 0

#4
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
SDFix: Version 1.201
Run by Administrator on 2008-07-05 at 09:11

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\gbRve12\csLioes.log - Deleted
C:\Program Files\AntiSpywareMaster\asm.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\[email protected]@@k.dll - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\winpfz37.sys - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted



Folder C:\Program Files\AntiSpywareMaster - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\gbRve12 - Removed
Folder C:\WINDOWS\system32\aqVreo01 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 09:17:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:cb,13,1f,9a,f8,91,28,f4,84,f6,00,34,0b,cb,25,9c,2e,05,f2,28,bf,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,07,0c,c0,52,a6,e7,f1,d4,db,2f,3d,ba,99,38,23,e6,d9,..
"hdf12"=hex:3d,b0,cb,ea,96,bb,83,9f,6f,b3,61,50,e2,58,54,5d,45,10,5a,5e,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:f8,5c,ac,20,46,66,cf,bf,0c,17,86,e7,b1,b6,42,92,ba,80,85,eb,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f5,cf,48,9b,bb,b0,27,a8,15,4e,aa,7d,1b,8e,56,aa,da,ea,df,6b,ce,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:9c,e0,4f,8e,3f,e5,46,c9,61,78,af,0d,94,dd,5f,5c,82,8c,8d,83,8b,..
"a0"=hex:20,01,00,00,91,5e,ff,43,df,dd,c6,4d,f9,3c,8f,89,0f,5c,55,42,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,5c,6f,3f,66,1f,6e,50,d0,b1,7c,7d,06,1c,8c,0f,a5,63,85,23,3c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:09,65,ce,b1,0d,c8,a5,b5,6d,20,3a,2f,95,5b,42,20,2f,7d,e1,c8,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:09,65,ce,b1,0d,c8,a5,b5,6d,20,3a,2f,95,5b,42,20,2f,7d,e1,c8,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:09,65,ce,b1,0d,c8,a5,b5,6d,20,3a,2f,95,5b,42,20,2f,7d,e1,c8,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000001
"hdf12"=hex:cb,13,1f,9a,f8,91,28,f4,84,f6,00,34,0b,cb,25,9c,2e,05,f2,28,bf,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,07,0c,c0,52,a6,e7,f1,d4,db,2f,3d,ba,99,38,23,e6,d9,..
"hdf12"=hex:3d,b0,cb,ea,96,bb,83,9f,6f,b3,61,50,e2,58,54,5d,45,10,5a,5e,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:f8,5c,ac,20,46,66,cf,bf,0c,17,86,e7,b1,b6,42,92,ba,80,85,eb,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f5,cf,48,9b,bb,b0,27,a8,15,4e,aa,7d,1b,8e,56,aa,da,ea,df,6b,ce,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:9c,e0,4f,8e,3f,e5,46,c9,61,78,af,0d,94,dd,5f,5c,82,8c,8d,83,8b,..
"a0"=hex:20,01,00,00,91,5e,ff,43,df,dd,c6,4d,f9,3c,8f,89,0f,5c,55,42,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,5c,6f,3f,66,1f,6e,50,d0,b1,7c,7d,06,1c,8c,0f,a5,63,85,23,3c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:09,65,ce,b1,0d,c8,a5,b5,6d,20,3a,2f,95,5b,42,20,2f,7d,e1,c8,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:09,65,ce,b1,0d,c8,a5,b5,6d,20,3a,2f,95,5b,42,20,2f,7d,e1,c8,11,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:09,65,ce,b1,0d,c8,a5,b5,6d,20,3a,2f,95,5b,42,20,2f,7d,e1,c8,11,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\recovery\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\recovery\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 8 May 2008 34,304 ...H. --- "C:\Documents and Settings\Administrator\Desktop\~WRL2348.tmp"
Tue 12 Feb 2008 38,438 ..SHR --- "C:\WINDOWS\Installer\{980078e3-3c7e-4c8a-a67a-d874aa04c913}\zip.dll"
Tue 12 Feb 2008 38,438 ..SHR --- "C:\WINDOWS\Installer\{be960e08-1375-40d5-86cb-7542f02d9157}\zip.dll"
Tue 12 Feb 2008 38,438 ..SHR --- "C:\WINDOWS\Installer\{dcb0b1c0-420b-4ee5-9b4e-b05ddbb92e20}\zip.dll"
Tue 29 Aug 2006 20,992 A..H. --- "C:\Documents and Settings\Administrator\Desktop\New Folder\~WRL0195.tmp"
Tue 29 Aug 2006 20,992 A..H. --- "C:\Documents and Settings\Administrator\Desktop\New Folder\~WRL2948.tmp"
Tue 29 Aug 2006 20,992 A..H. --- "C:\Documents and Settings\Administrator\Desktop\New Folder\~WRL3336.tmp"
Tue 29 Aug 2006 20,992 A..H. --- "C:\Documents and Settings\Administrator\Desktop\New Folder\~WRL4060.tmp"
Tue 18 Mar 2003 1,060,864 A.SH. --- "C:\Program Files\MegaDev\MD-Trainers\MegaTrainer XL\mfc71.dll"
Tue 18 Mar 2003 1,047,552 A.SH. --- "C:\Program Files\MegaDev\MD-Trainers\MegaTrainer XL\mfc71u.dll"
Fri 21 Feb 2003 348,160 A.SH. --- "C:\Program Files\MegaDev\MD-Trainers\MegaTrainer XL\msvcr71.dll"

Finished!

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-05 09:24:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25, on 2008-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vif.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190595128265
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortuneloung...ic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E127CF-79A1-4567-A963-D2AACDBEACCC}: NameServer = 192.168.0.1
O20 - Winlogon Notify: khfebxw - khfebxw.dll (file missing)
O21 - SSODL: zip - {c58386e7-0d45-46ec-9081-45f33699bdfc} - C:\WINDOWS\Installer\{c58386e7-0d45-46ec-9081-45f33699bdfc}\zip.dll (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7197 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Si3114r5 (SiI-3114 SoftRaid 5 Controller) - c:\windows\system32\drivers\si3114r5.sys <Not Verified; Silicon Image, Inc; SoftRAID 5>
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

S1 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
S3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys (file missing)
S3 RDID1027 (EDIROL PCR) - c:\windows\system32\drivers\rdwm1027.sys <Not Verified; Roland Corporation; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>

S2 VSSERV (BitDefender Virus Shield) - "c:\program files\bitdefender\bitdefender 2008\vsserv.exe" /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 22:10:00 286 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-06-18 03:30:00 418 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-02-13 23:09:12 408 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-06-29 20:32:25 0 d-------- C:\Program Files\Trend Micro
2008-06-29 20:28:16 0 d-------- C:\VundoFix Backups
2008-06-23 16:52:17 139264 --a------ C:\WINDOWS\system32\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2008-06-23 16:52:17 0 d-------- C:\Program Files\Creative
2008-06-23 16:44:02 233472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe <Not Verified; ; MafiaInstallShield Application>
2008-06-21 12:28:01 0 d-------- C:\Program Files\gBurner
2008-06-18 08:17:27 0 d-------- C:\Program Files\Compaq
2008-06-18 08:17:25 0 d-------- C:\CPQSYSTEM
2008-06-15 16:52:44 0 d-------- C:\Program Files\BitComet
2008-06-14 09:29:29 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-09 23:32:25 0 d-------- C:\Program Files\SopCast


-- Find3M Report ---------------------------------------------------------------

2008-07-03 20:45:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-03 20:08:27 0 d-------- C:\Program Files\Paradox Interactive
2008-07-02 22:01:27 0 d-------- C:\Program Files\Azureus
2008-06-23 22:07:57 0 d-------- C:\Program Files\Windows Live
2008-06-23 19:14:10 0 d-------- C:\Program Files\ArtMoney
2008-06-16 20:59:31 0 d-------- C:\Program Files\Command And Conquer 3 Tiberium Wars
2008-06-07 15:03:09 0 d-------- C:\Program Files\Paradox Entertainment
2008-06-07 15:03:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 21:20:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\temp
2008-05-25 23:44:23 0 d-------- C:\Program Files\Game Speed Changer
2008-05-22 17:18:09 0 d-------- C:\Program Files\Cpukiller
2008-05-10 11:20:40 0 d-------- C:\Program Files\1C
2008-05-10 10:53:01 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-09 08:06:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 08:01:46 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" []
"CpuIdle"="" []
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-08-08 17:56]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 10:05]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {c58386e7-0d45-46ec-9081-45f33699bdfc} - C:\WINDOWS\Installer\{c58386e7-0d45-46ec-9081-45f33699bdfc}\zip.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebxw]
khfebxw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660c0941-1472-11dd-a28c-044b80808003}]
AutoRun\command- K:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
C:\WINDOWS\system32\svchost.exe



-- End of Deckard's System Scanner: finished at 2008-07-05 09:25:49 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 2047.48 MiB / 1629.05 MiB
Pagefile Memory (total/avail): 10077.59 MiB / 9812.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.69 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 186.3 GiB total, 76.25 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 117.85 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JS-00MHB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD2500JS-00NCB1 - 232.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080704-2] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\recovery\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\recovery\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=R2D2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
INCLUDE=C:\watcom-1.3\h;C:\watcom-1.3\h\nt;C:\watcom-1.3\maple\include
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\R2D2
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\watcom-1.3\binnt;C:\watcom-1.3\binw
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=R2D2
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
WATCOM=C:\watcom-1.3
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Европа III --> C:\WINDOWS\IsUninstR.Exe -fC:\PROGRA~1\Snowball.ru\EU3\DeIsL1.isu -cC:\PROGRA~1\Snowball.ru\EU3\EU3_RE~1.DLL
3114 SATARAID5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
AC3File (remove only) --> C:\Program Files\AC3File\uninstall.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
ArtMoney SE v7.27 --> "C:\Program Files\ArtMoney\Uninstall\unins000.exe"
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x19
ASUS GameFace Live --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}
ASUS GameLiveShow --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995}
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1049
ASUS SmartDoctor --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1049
ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
ChessGenius Classic --> C:\Program Files\ChessGenius Classic\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crusader Kings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6B8ED44-CA4A-4702-924D-34596E5450DB}\Setup.exe" -l0x9
DjVu ActiveX Control for Microsoft Office --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB832190-F87C-11D4-BD96-000102C10FD8}\Setup.exe"
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
gBurner --> "C:\Program Files\gBurner\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
In Nomine 1.0 --> "C:\Program Files\Paradox Interactive\In Nomine\unins000.exe"
InFlac 1.1.1 --> "C:\Program Files\Winamp\InFlac-Uninstall.exe"
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
King's Bounty: Легенда о Рыцаре --> "C:\Program Files\1C\King's Bounty. Легенда о Рыцаре\unins000.exe"
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Mafia --> d:\program files\Mafia\MafiaSetup.exe
Maple 10 --> "C:\Program Files\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MegaTrainer XL V1.5.5.5-Beta --> "C:\Program Files\MegaDev\MD-Trainers\MegaTrainer XL\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Monkey's Audio --> "C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Napoleon's Ambition --> "C:\Program Files\Paradox Interactive\Napoleon\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
QuickTime 3.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x19 -removeonly
Reason 3.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Rites of War --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\SSI\Rites of War\Uninst.isu"
Smart Sync --> MsiExec.exe /I{17068829-10EE-4581-BDC8-C53C483694A3}
SopCast 3.0.3 --> C:\Program Files\SopCast\uninst.exe
Victoria --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE7CB755-7C0B-4D11-8E5D-D6B6C1090A7B}\Setup.exe" -l0x9
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live Messenger --> MsiExec.exe /X{087B2CCA-0F1C-4434-B7C6-6B5E0EFD31BC}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5251 / Error
Event Submitted/Written: 07/05/2008 09:02:20 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type5248 / Error
Event Submitted/Written: 07/04/2008 10:18:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type5244 / Error
Event Submitted/Written: 07/03/2008 09:35:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type5243 / Error
Event Submitted/Written: 07/03/2008 08:14:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application eu3game.exe, version 0.0.0.0, faulting module eu3game.exe, version 0.0.0.0, fault address 0x00655cfb.
Processing media-specific event for [eu3game.exe!ws!]

Event Record #/Type5238 / Success
Event Submitted/Written: 07/03/2008 07:06:57 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12466 / Error
Event Submitted/Written: 07/05/2008 09:14:03 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BitDefender Virus Shield service failed to start due to the following error:
%%3

Event Record #/Type12465 / Error
Event Submitted/Written: 07/05/2008 09:14:03 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2

Event Record #/Type12464 / Error
Event Submitted/Written: 07/05/2008 09:14:01 AM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.

Event Record #/Type12461 / Error
Event Submitted/Written: 07/05/2008 09:07:16 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
AmdK8
appdrv01
asuskbnt
aswSP
aswTdi
bdftdif
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type12460 / Error
Event Submitted/Written: 07/05/2008 09:07:16 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-05 09:25:49 ------------
  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\VundoFix Backups
    C:\WINDOWS\Installer\{c58386e7-0d45-46ec-9081-45f33699bdfc}\zip.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zip
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebxw
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please post the following logs in your next reply.. Please post each log in separate post..

1. OTMoveIt2
2. Malwarebytes
3. A fresh DSS log (after Malwarebytes' step)
4. Tell me about your computer condition...



Regards
fenzodahl512
  • 0

#6
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Well, to be honest - I don't know how my computer is doing... I'll let you be the judge of it. BUT! I want to tell few things first... my sound seems to be disappearing from time to time... there is an error that pops ("Generic Host Process" error) and then the sound drivers/card cannot be found by applications. I tried to install some windows update (KB894391), but it does not help.
I also noticed something weird when OTMoveIt2 scan was done. It asked me to restart the computer (I suppose it is the normal). After the restart the windows wouldn’t load.
And there is no extra.txt this time...

Explorer killed successfully
C:\VundoFix Backups moved successfully.
File/Folder C:\WINDOWS\Installer\{c58386e7-0d45-46ec-9081-45f33699bdfc}\zip.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zip >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zip deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebxw >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebxw\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFE138.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFE146.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFED54.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFED60.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~ROMFN_0000016C scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_164.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_163440

Malwarebytes' Anti-Malware 1.19
Database version: 924
Windows 5.1.2600 Service Pack 2

17:19:53 2008-07-05
mbam-log-7-5-2008 (17-19-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128545
Time elapsed: 37 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Quantic (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wem4\begmgr11.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-05 17:34:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34, on 2008-07-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vif.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190595128265
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortuneloung...ic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E127CF-79A1-4567-A963-D2AACDBEACCC}: NameServer = 192.168.0.1
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6931 bytes

-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 16:41:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-05 16:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 16:41:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 20:32:25 0 d-------- C:\Program Files\Trend Micro
2008-06-23 16:52:17 139264 --a------ C:\WINDOWS\system32\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2008-06-23 16:52:17 0 d-------- C:\Program Files\Creative
2008-06-23 16:44:02 233472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe <Not Verified; ; MafiaInstallShield Application>
2008-06-21 12:28:01 0 d-------- C:\Program Files\gBurner
2008-06-18 08:17:27 0 d-------- C:\Program Files\Compaq
2008-06-18 08:17:25 0 d-------- C:\CPQSYSTEM
2008-06-15 16:52:44 0 d-------- C:\Program Files\BitComet
2008-06-14 09:29:29 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-09 23:32:25 0 d-------- C:\Program Files\SopCast


-- Find3M Report ---------------------------------------------------------------

2008-07-03 20:45:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-03 20:08:27 0 d-------- C:\Program Files\Paradox Interactive
2008-07-02 22:01:27 0 d-------- C:\Program Files\Azureus
2008-06-23 22:07:57 0 d-------- C:\Program Files\Windows Live
2008-06-23 19:14:10 0 d-------- C:\Program Files\ArtMoney
2008-06-16 20:59:31 0 d-------- C:\Program Files\Command And Conquer 3 Tiberium Wars
2008-06-07 15:03:09 0 d-------- C:\Program Files\Paradox Entertainment
2008-06-07 15:03:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 21:20:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\temp
2008-05-25 23:44:23 0 d-------- C:\Program Files\Game Speed Changer
2008-05-22 17:18:09 0 d-------- C:\Program Files\Cpukiller
2008-05-10 11:20:40 0 d-------- C:\Program Files\1C
2008-05-10 10:53:01 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-09 08:06:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 08:01:46 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" []
"CpuIdle"="" []
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-08-08 17:56]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 10:05]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660c0941-1472-11dd-a28c-044b80808003}]
AutoRun\command- K:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
C:\WINDOWS\system32\svchost.exe



-- End of Deckard's System Scanner: finished at 2008-07-05 17:34:45 ------------
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. First of all, you have 2 antivirus in your computer (Avast! and Bit Defender).. This is not good.. They may clash with each other and hampering your protection potential.. Please uninstall one of your antivirus NOW.. If you are subscribe to Bit Defender, I'd suggest you to uninstall Avast!.. Otherwise, it is really you choice to keep which one and remove the other....



NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:

    • C:\WINDOWS\System32\appdrvrem01.exe
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

For detailed instruction on how to back-up registry via ERUNT, please visit HERE




NEXT


Please copy and paste the following into a Notepad

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CpuIdle"=-

Save it in desktop as Fix.reg and in Save as type: choose All Files

A new registry file will then created on your desktop. It should look like this: Posted Image

Just double-click the file and choose Yes at prompt.

If you do not sure how to make a registry file, please visit HERE for the tutorial.




Please post the following logs in your next reply..

1. Jotti/VirusTotal
2. A fresh Deckard System Scanner


Regards
fenzodahl512
  • 0

#8
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
I believe that I only have one anti-virus active at the moment. I am currently not using the BitDefender. I uninstalled it, and never fully installed...

File: appdrvrem01.exe
Status: OK
MD5: 97661e82b22f2e932aeec2315aff15fd
Packers detected: -

(Same result for Virustotal)

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-06 09:30:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vif.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190595128265
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortuneloung...ic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E127CF-79A1-4567-A963-D2AACDBEACCC}: NameServer = 192.168.0.1
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6980 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-05 17:41:34 0 d-------- C:\VundoFix Backups
2008-07-05 16:41:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-05 16:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 16:41:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 20:32:25 0 d-------- C:\Program Files\Trend Micro
2008-06-23 16:52:17 139264 --a------ C:\WINDOWS\system32\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2008-06-23 16:52:17 0 d-------- C:\Program Files\Creative
2008-06-23 16:44:02 233472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe <Not Verified; ; MafiaInstallShield Application>
2008-06-21 12:28:01 0 d-------- C:\Program Files\gBurner
2008-06-18 08:17:27 0 d-------- C:\Program Files\Compaq
2008-06-18 08:17:25 0 d-------- C:\CPQSYSTEM
2008-06-15 16:52:44 0 d-------- C:\Program Files\BitComet
2008-06-14 09:29:29 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-09 23:32:25 0 d-------- C:\Program Files\SopCast


-- Find3M Report ---------------------------------------------------------------

2008-07-03 20:45:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-03 20:08:27 0 d-------- C:\Program Files\Paradox Interactive
2008-07-02 22:01:27 0 d-------- C:\Program Files\Azureus
2008-06-23 22:07:57 0 d-------- C:\Program Files\Windows Live
2008-06-23 19:14:10 0 d-------- C:\Program Files\ArtMoney
2008-06-16 20:59:31 0 d-------- C:\Program Files\Command And Conquer 3 Tiberium Wars
2008-06-07 15:03:09 0 d-------- C:\Program Files\Paradox Entertainment
2008-06-07 15:03:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 21:20:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\temp
2008-05-25 23:44:23 0 d-------- C:\Program Files\Game Speed Changer
2008-05-22 17:18:09 0 d-------- C:\Program Files\Cpukiller
2008-05-10 11:20:40 0 d-------- C:\Program Files\1C
2008-05-10 10:53:01 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-09 08:06:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 08:01:46 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" []
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-08-08 17:56]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 10:05]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660c0941-1472-11dd-a28c-044b80808003}]
AutoRun\command- K:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
C:\WINDOWS\system32\svchost.exe



-- End of Deckard's System Scanner: finished at 2008-07-06 09:30:50 ------------
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#10
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 06, 2008 16:22:49
Records in database: 918651
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 105943
Threat name: 8
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 04:52:48


File name / Threat name / Threats count
C:\SDFix\backups\backups.zip Infected: not-a-virus:FraudTool.Win32.AntiSpywareMaster 1
C:\Temp\hadhe3203.exe Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Temp\hadhe3203.exe Infected: Trojan-Downloader.Win32.Small.tei 1
C:\Temp\hadhe3203.exe Infected: not-a-virus:AdWare.Win32.TTC.d 1
C:\Temp\hadhe3203.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am 1
C:\Temp\hadhe3203.exe Infected: not-a-virus:AdWare.Win32.TrafficSol.ai 1
C:\WINDOWS\Installer\{980078e3-3c7e-4c8a-a67a-d874aa04c913}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct 1
C:\WINDOWS\Installer\{be960e08-1375-40d5-86cb-7542f02d9157}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct 1
C:\WINDOWS\Installer\{dcb0b1c0-420b-4ee5-9b4e-b05ddbb92e20}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct 1
C:\_OTMoveIt\MovedFiles\07052008_163440\VundoFix Backups\cbxxyww.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.lnz 1
C:\_OTMoveIt\MovedFiles\07052008_163440\VundoFix Backups\mljjjji.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.lnz 1

The selected area was scanned.
  • 0

Advertisements


#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\SDFix\backups\backups.zip
    C:\Temp\hadhe3203.exe
    C:\WINDOWS\Installer\{980078e3-3c7e-4c8a-a67a-d874aa04c913}
    C:\WINDOWS\Installer\{be960e08-1375-40d5-86cb-7542f02d9157}
    C:\WINDOWS\Installer\{dcb0b1c0-420b-4ee5-9b4e-b05ddbb92e20}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post OTMoveIt2 log along with a fresh DSS log in your next reply.. Tell me about your computer condition now..


Regards
fenzodahl512

Edited by fenzodahl512, 06 July 2008 - 04:54 PM.

  • 0

#12
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
So far so good. IE is working, but I don't know about the sound problem - have to wait...

Explorer killed successfully
C:\SDFix\backups\backups.zip moved successfully.
C:\Temp\hadhe3203.exe moved successfully.
C:\WINDOWS\Installer\{980078e3-3c7e-4c8a-a67a-d874aa04c913} moved successfully.
C:\WINDOWS\Installer\{be960e08-1375-40d5-86cb-7542f02d9157} moved successfully.
C:\WINDOWS\Installer\{dcb0b1c0-420b-4ee5-9b4e-b05ddbb92e20} moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF1747.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF8068.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF807C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEC1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFED5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~ROMFN_00000E84 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_164.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07062008_190628

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF1747.tmp moved successfully.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF8068.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF807C.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFEC1.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFFED5.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~ROMFN_00000E84 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_164.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-06 19:17:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17, on 2008-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vif.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190595128265
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortuneloung...ic/FlashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39E127CF-79A1-4567-A963-D2AACDBEACCC}: NameServer = 192.168.0.1
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7069 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-05 16:41:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-05 16:41:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 16:41:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 20:32:25 0 d-------- C:\Program Files\Trend Micro
2008-06-23 16:52:17 139264 --a------ C:\WINDOWS\system32\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2008-06-23 16:52:17 0 d-------- C:\Program Files\Creative
2008-06-23 16:44:02 233472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe <Not Verified; ; MafiaInstallShield Application>
2008-06-21 12:28:01 0 d-------- C:\Program Files\gBurner
2008-06-18 08:17:27 0 d-------- C:\Program Files\Compaq
2008-06-18 08:17:25 0 d-------- C:\CPQSYSTEM
2008-06-15 16:52:44 0 d-------- C:\Program Files\BitComet
2008-06-14 09:29:29 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-09 23:32:25 0 d-------- C:\Program Files\SopCast


-- Find3M Report ---------------------------------------------------------------

2008-07-03 20:45:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-07-03 20:08:27 0 d-------- C:\Program Files\Paradox Interactive
2008-07-02 22:01:27 0 d-------- C:\Program Files\Azureus
2008-06-23 22:07:57 0 d-------- C:\Program Files\Windows Live
2008-06-23 19:14:10 0 d-------- C:\Program Files\ArtMoney
2008-06-16 20:59:31 0 d-------- C:\Program Files\Command And Conquer 3 Tiberium Wars
2008-06-07 15:03:09 0 d-------- C:\Program Files\Paradox Entertainment
2008-06-07 15:03:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 21:20:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\temp
2008-05-25 23:44:23 0 d-------- C:\Program Files\Game Speed Changer
2008-05-22 17:18:09 0 d-------- C:\Program Files\Cpukiller
2008-05-10 11:20:40 0 d-------- C:\Program Files\1C
2008-05-10 10:53:01 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-09 08:06:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-09 08:01:46 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 19:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41]
"nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" []
"RAM Idle Professional"="C:\Program Files\RAM Idle LE\RAM_XP.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe" [2005-08-08 17:56]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [2007-07-23 10:05]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"srservice"=2 (0x2)
"SharedAccess"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660c0941-1472-11dd-a28c-044b80808003}]
AutoRun\command- K:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
C:\WINDOWS\system32\svchost.exe



-- End of Deckard's System Scanner: finished at 2008-07-06 19:18:03 ------------
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
OK.. I'm gonna wait for your sound test.. Wanna double confirm with you.. You don't use Bit Defender no more right?


Regards
fenzodahl512
  • 0

#14
Roman Pope

Roman Pope

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 103 posts
Nope, I don't use it.
  • 0

#15
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok then, lets do this...


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop LIVESRV
sc delete LIVESRV
sc stop VSSERV
sc delete VSSERV
sc stop XCOMM
sc delete XCOMM
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you do not sure how to make a batch file, please visit HERE for the tutorial.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\BitDefender
    C:\Program Files\Common Files\BitDefender
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post the following logs in your next reply...

1. OTMoveIt2
2. A fresh DSS log
3. Tell me about your computer condition...


Regards
fenzodahl512
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP