System Applications Do Not Work [CLOSED] [RESOLVED]
#1 monzy (Member, 11 posts)
Hi, I seem to have a problem with all my system applications. msconfig does not run when I do Start > Run > msconfig. Also, Task Manager does not open; I have tried all the ways of opening it, such as Ctrl+Alt+Del and right-clicking the taskbar and trying to open it that way. Also, when I do Start > Run > cmd.exe, it comes up with an empty folder and does not come up with cmd, just a folder called cmd.exe. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:31, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9205] command /c del "C:\WINDOWS\system32\amvo0.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3311] cmd /c del "C:\WINDOWS\system32\amvo0.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 9863 bytes
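Reading a HijackThis log is mostly a matter of scanning the O4 autostart entries for a binary that does not belong. The Python below is an added example, not part of this thread or of HijackThis itself: it parses registry-style O4 lines and flags (1) Run values that launch a binary from the Windows system directory whose name is not on an allowlist of known autostart components (the allowlist is an assumption of this example, not a complete list) and (2) RunOnce values that only delete a file, which is the trace an earlier anti-malware cleanup leaves behind. The embedded sample is a constructed subset of the O4 section of the log above.

```python
"""Triage of HijackThis O4 (autostart) entries from a pasted log."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Registry-style O4 lines, e.g. "O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe".
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\"
    r"(?P<key>Run|RunOnce|RunServices|RunServicesOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First Windows path in the command (quoted or not) that ends in an executable
# extension followed by a quote, whitespace or end of line.
EXE_PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|com|scr|pif|bat|cmd|vbs|dll))(?=["\s]|$)',
    re.IGNORECASE,
)
# HijackThis appends "(User 'NAME')" to entries read from other users' hives.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")

# Binaries that legitimately autostart from the system directory on Windows XP.
# Illustrative allowlist: an assumption of this example, not a complete list.
SYSTEM_DIR_ALLOWLIST = {"ctfmon.exe", "rundll32.exe", "wscntfy.exe"}

# Constructed sample: a subset of the O4 section of the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [SpybotDeletingB9205] command /c del "C:\WINDOWS\system32\amvo0.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3311] cmd /c del "C:\WINDOWS\system32\amvo0.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
"""


@dataclass(frozen=True)
class Finding:
    lineno: int
    name: str
    target: Optional[str]
    reason: str


def _in_system_dir(path: str) -> bool:
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\winnt\\system32\\" in p


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the registry O4 entries that deserve a second look, in log order."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(lines, start=1):
        m = O4_REG_RE.match(raw.strip())
        if not m:
            continue  # startup-folder lines and other sections are not handled here
        name, key = m["name"], m["key"]
        cmd = USER_SUFFIX_RE.sub("", m["cmd"])
        pm = EXE_PATH_RE.search(cmd)
        target = pm["path"] if pm else None
        base = target.rsplit("\\", 1)[-1].lower() if target else ""

        # 1. A binary in system32 that is not a known autostart component.
        if target and _in_system_dir(target) and base not in SYSTEM_DIR_ALLOWLIST:
            findings.append(Finding(lineno, name, target, "unknown binary in system directory"))

        # 2. A RunOnce whose only job is to delete a file: a previous cleanup left it.
        interpreter = cmd.split(None, 1)[0].lower() if cmd else ""
        if key == "RunOnce" and interpreter in {"cmd", "command"} and " del " in cmd.lower():
            findings.append(Finding(lineno, name, target, "RunOnce deletion of leftover file"))
    return findings


def report(findings: List[Finding]) -> List[str]:
    return [f"line {f.lineno}: [{f.name}] {f.reason}: {f.target or '(no path)'}" for f in findings]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG.splitlines())):
        print(line)
```

Run against the sample it reports the amva/amvo.exe Run value and the two Spybot RunOnce deletions, and stays quiet on the ctfmon.exe entries, which is the same short-list a helper would pull out of the full log by hand.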
#2 fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512, and welcome to Geekstogo. Please do the following:

Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive that was plugged in when you ran it. Don't delete this folder; it will help protect your drives from future infection.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Regards
fenzodahl512
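The note above explains why Flash_Disinfector leaves a folder named autorun.inf on every drive: AutoRun on Windows XP reads <drive>:\autorun.inf and honours its open=, shellexecute= and shell\<verb>\command= keys, and a directory of that name stops a worm from writing a file of the same name. As an added example that is not part of this thread or of the tool, the Python below classifies what sits at a drive root (nothing, a file with launch keys, a label-only file, or the blocking folder) and creates the blocking folder. The autorun.inf contents used in the demo are constructed; the hidden/system attribute call is made only on Windows.

```python
"""Classify the autorun.inf entry at a drive root and create the blocking folder."""
import ctypes
import os
import sys
import tempfile
from typing import Dict, List

LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed samples for the demo (not taken from any real infection).
LAUNCHER_SAMPLE = """[autorun]
open=dropper.exe
shellexecute=dropper.exe
shell\\open\\Command=dropper.exe
shell\\open=Open
"""
LABEL_ONLY_SAMPLE = """[autorun]
icon=setup.exe,0
label=Vendor Disc
"""


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section, keys lowercased."""
    entries: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_keys(entries: Dict[str, str]) -> List[str]:
    """Keys that make AutoRun execute something rather than just label the drive."""
    return sorted(
        k for k in entries
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
    )


def classify_autorun(root: str) -> dict:
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return {"state": "absent", "path": path}
    if os.path.isdir(path):
        return {"state": "placeholder_dir", "path": path}
    with open(path, "r", encoding="latin-1", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    keys = launch_keys(entries)
    if keys:
        return {"state": "launcher", "path": path, "launch_keys": keys,
                "commands": {k: entries[k] for k in keys}}
    return {"state": "file_no_launcher", "path": path, "entries": entries}


def protect(root: str) -> str:
    """Create the blocking autorun.inf directory; fails if a file is still in the way."""
    path = os.path.join(root, "autorun.inf")
    os.makedirs(path, exist_ok=True)  # raises FileExistsError when a file is present
    if os.name == "nt":
        # FILE_ATTRIBUTE_HIDDEN (0x2) | FILE_ATTRIBUTE_SYSTEM (0x4)
        ctypes.windll.kernel32.SetFileAttributesW(path, 0x2 | 0x4)
    return path


def demo() -> dict:
    """Walk the classifier through every state inside a throwaway directory."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        inf = os.path.join(root, "autorun.inf")
        out["absent"] = classify_autorun(root)["state"]
        with open(inf, "w") as fh:
            fh.write(LAUNCHER_SAMPLE)
        launcher = classify_autorun(root)
        out["launcher"] = launcher["state"]
        out["launch_keys"] = launcher["launch_keys"]
        os.remove(inf)
        with open(inf, "w") as fh:
            fh.write(LABEL_ONLY_SAMPLE)
        out["label_only"] = classify_autorun(root)["state"]
        os.remove(inf)
        protect(root)
        out["protected"] = classify_autorun(root)["state"]
    return out


if __name__ == "__main__":
    roots = sys.argv[1:]
    if roots:
        for r in roots:  # e.g. python autorun_check.py E:\ F:\
            print(r, classify_autorun(r))
    else:
        print(demo())
```

Note that parsing only tells you what the file would launch; a worm can also hide the referenced executable with hidden and system attributes, so a "launcher" result is a reason to image or scan the drive, not to delete the file and move on.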

#3 monzy (Topic Starter, 11 posts)
Hi, thanks for the reply, but when I try to open Flash Disinfector it says "Cannot create nircmd.exe". Should I just run the DSS?

#4 fenzodahl512 (Malware Removal, 9,863 posts)
Quoting monzy: Hi, thanks for the reply, but when I try to open Flash Disinfector it says "Cannot create nircmd.exe". Should I just run the DSS?

Yup, just run DSS. :)

#5 monzy (Topic Starter, 11 posts)
Hi, I just did the DSS scan and here are the results:

from extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel® Pentium® 4 - M CPU 2.00GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 766.98 MiB / 435.29 MiB
Pagefile Memory (total/avail): 1109.23 MiB / 843.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.7 MiB

C: is Fixed (NTFS) - 37.26 GiB total, 8.12 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N040ATCS05-0 - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:fdm"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe:*:Enabled:Update Service"
"C:\\Program Files\\O2\\bin\\wificfg.exe"="C:\\Program Files\\O2\\bin\\wificfg.exe:*:Enabled:sprtcmd.exe"
"C:\\Program Files\\O2\\agent\\bin\\bcont.exe"="C:\\Program Files\\O2\\agent\\bin\\bcont.exe:*:Enabled:bcont.exe"
"C:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"="C:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe:*:Enabled:ssrc.exe"
"C:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"="C:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe:*:Enabled:bcont_nm.exe"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"


-- Environment Variables -------------------------------------------------------

Unable to get environment variables; Access is denied.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- User Profiles ---------------------------------------------------------------

Monju (admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Applian FLV Player --> "C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avi2Dvd 0.3.1 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
EAX™ Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX™ Unified (SHELL)\Uninst.isu"
Eraser 5.3 --> C:\WINDOWS\system32\stuninstall.exe C:\Program Files\Eraser\uninstall.dat
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Free FLV to AVI Converter V1.5 --> "C:\Program Files\Free FLV to AVI Converter\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
IsoBuster 2.4 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Windows XP Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows Genuine Advantage Validation Tool (KB892130) -->
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
K-Lite Codec Pack 4.0.0 (Full) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.77 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
QuickTime Alternative 1.69 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SopCast 3.0.3 --> C:\Program Files\SopCast\uninst.exe
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft AVI to DVD Converter --> C:\Program Files\Xilisoft\AVI to DVD Converter\Uninstall.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
O2 Broadband Assistant --> MsiExec.exe /X{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}
Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Multimedia Transcoding Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{894DACDA-98EE-4572-BC93-1A582D375ECD}\setup.exe" -l0x9 -removeonly
Bluesoleil2.7.0.13 VoIP Release 071227 --> MsiExec.exe /X{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VersionTracker Pro Windows --> MsiExec.exe /X{C1EDC38F-2760-4A4E-9CED-95B53024134C}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
NETGEAR 108 Mbps Wireless PC Card WG511T --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9D20484-D3CC-4CD2-B1ED-B72A9CEFD45D}\Setup.exe" -l0x9
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
LogMeIn --> MsiExec.exe /I{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1641 / Success
Event Submitted/Written: 07/28/2008 06:35:29 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1621 / Success
Event Submitted/Written: 07/28/2008 03:40:56 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1611 / Error
Event Submitted/Written: 07/27/2008 10:38:45 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Event Record #/Type1610 / Error
Event Submitted/Written: 07/27/2008 10:38:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x05f870f0.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type1602 / Success
Event Submitted/Written: 07/27/2008 01:35:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11681 / Warning
Event Submitted/Written: 07/28/2008 06:46:39 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB563FF56. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type11659 / Error
Event Submitted/Written: 07/28/2008 06:45:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Netgear Wireless Domain Login Service service failed to start due to the following error:
%%2

Event Record #/Type11656 / Warning
Event Submitted/Written: 07/28/2008 06:45:42 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB563FF56. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type11655 / Warning
Event Submitted/Written: 07/28/2008 06:45:42 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000FB563FF56. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type11649 / Warning
Event Submitted/Written: 07/28/2008 05:29:32 PM
Event ID/Source: 29702 / ati2mtag
Event Description:
Invalid pixel format



-- End of Deckard's System Scanner: finished at 2008-07-28 19:33:03 ------------


From Main.txt:

Deckard's System Scanner v20071014.68
Run by Monju on 2008-07-28 19:31:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-07-28 18:32:01 UTC - RP133 - Deckard's System Scanner Restore Point
26: 2008-07-28 15:35:35 UTC - RP132 - Software Distribution Service 3.0
25: 2008-07-26 19:22:35 UTC - RP131 - Installed Rosetta Stone V3.
24: 2008-07-26 19:02:47 UTC - RP130 - Installed Java™ 6 Update 7
23: 2008-07-26 15:23:47 UTC - RP129 - Installed LogMeIn


-- First Restore Point --
1: 2008-06-19 09:56:10 UTC - RP107 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Monju.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:36, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Monju\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Monju.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 9967 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 NWDLS (Netgear Wireless Domain Login Service) - c:\windows\system32\nwdls.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 17:06:43 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-28 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-28 16:17:55 0 dr-h----- C:\Documents and Settings\Monju\Recent
2008-07-28 16:10:09 0 d--hs---- C:\found.000
2008-07-27 19:48:23 0 d-------- C:\Program Files\SopCast
2008-07-27 13:31:19 72192 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-07-26 20:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-26 20:22:38 0 d-------- C:\Program Files\Rosetta Stone
2008-07-26 20:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-07-26 17:58:13 0 d-------- C:\Program Files\Trend Micro
2008-07-26 16:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-26 16:23:50 0 d-------- C:\Program Files\LogMeIn
2008-07-26 15:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 15:17:05 36864 -----n--- C:\WINDOWS\system32\kill.dll
2008-07-26 15:16:57 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Unin511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Inst511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:41 0 d-------- C:\Program Files\NETGEAR
2008-07-26 15:10:44 393216 --a------ C:\WINDOWS\system32\WG511TFCS.exe <Not Verified; NetGear; FCS Service>
2008-07-26 15:10:44 155745 -----n--- C:\WINDOWS\system32\installservice.exe
2008-07-26 15:10:44 102400 --a------ C:\WINDOWS\system32\ASupplicant.dll <Not Verified; Ambit Microsystems; ASupplicant Dynamic Link Library>
2008-07-26 15:10:44 17801 --a------ C:\WINDOWS\system32\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:01:39 16194 --a------ C:\WINDOWS\system32\AWINDIS5.SYS <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
2008-07-26 15:01:39 73728 --a------ C:\WINDOWS\system32\AW32n50.dll <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 DLL for Windows>
2008-07-22 15:30:18 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-16 12:50:12 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-13 22:45:33 0 d-------- C:\Program Files\Xilisoft
2008-07-12 18:57:55 0 d-------- C:\WINDOWS\Sun
2008-07-11 18:38:19 0 d-------- C:\Program Files\YourWare Solutions
2008-07-11 18:16:29 0 d-------- C:\Program Files\Foxit Software
2008-07-11 15:49:44 155648 --a------ C:\WINDOWS\system32\stuninstall.exe <Not Verified; -; Uninstall>
2008-07-11 15:49:41 0 d-------- C:\Program Files\Eraser
2008-07-11 15:46:34 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-11 15:46:29 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-11 15:46:29 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-11 15:46:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-11 15:46:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-11 15:46:28 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-11 15:46:27 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-11 15:46:25 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-11 14:50:19 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-07-11 14:49:03 0 d-------- C:\Program Files\Siber Systems
2008-07-11 14:09:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-11 14:08:41 0 d-------- C:\Program Files\Real
2008-07-11 14:08:38 0 d-------- C:\Program Files\Common Files\Real
2008-07-11 14:08:36 0 d-------- C:\Documents and Settings\Monju\Application Data\Real
2008-07-11 10:06:06 0 d-------- C:\Documents and Settings\Monju\Application Data\IDM
2008-07-11 10:05:57 0 d-------- C:\Program Files\Internet Download Manager
2008-07-11 09:44:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-11 09:43:07 0 d-------- C:\Program Files\O2
2008-07-11 09:27:39 0 d-------- C:\Program Files\Common Files\SupportSoft


-- Find3M Report ---------------------------------------------------------------

2008-07-28 18:46:44 0 d-------- C:\Documents and Settings\Monju\Application Data\Free Download Manager
2008-07-28 18:46:11 0 d-------- C:\Documents and Settings\Monju\Application Data\VersionTracker Pro
2008-07-28 18:46:07 0 d-------- C:\Documents and Settings\Monju\Application Data\DMCache
2008-07-28 18:35:23 0 d-------- C:\Documents and Settings\Monju\Application Data\uTorrent
2008-07-27 17:46:35 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files
2008-07-26 20:06:35 0 d-------- C:\Program Files\Java
2008-07-26 15:16:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-23 16:57:05 0 d-------- C:\Documents and Settings\Monju\Application Data\OpenOffice.org2
2008-07-18 14:57:23 0 d-------- C:\Documents and Settings\Monju\Application Data\LimeWire
2008-07-16 12:53:50 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-14 10:12:13 0 d-------- C:\Program Files\Lx_cats
2008-07-11 23:16:49 0 d-------- C:\Program Files\BitComet
2008-06-20 16:17:30 0 d-------- C:\Program Files\Sony Ericsson
2008-06-20 16:05:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Teleca
2008-06-19 23:25:49 0 d-------- C:\Documents and Settings\Monju\Application Data\Sony Ericsson
2008-06-19 23:25:34 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-19 23:25:33 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-19 17:08:18 0 d-------- C:\Program Files\CCleaner
2008-06-19 17:05:07 0 d-------- C:\Documents and Settings\Monju\Application Data\CBL-Electronics
2008-06-19 16:55:24 0 d-------- C:\Program Files\PartyGaming
2008-06-19 16:24:08 0 d-------- C:\Program Files\Smart Projects
2008-06-19 15:04:57 0 d-------- C:\Program Files\DVD Decrypter
2008-06-05 11:45:46 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-04 23:03:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-04 23:02:47 0 d-------- C:\Program Files\KONAMI


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; Access is denied.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-07-28 19:33:03 ------------


Thanks.

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello.. I need to see the Environment Variables on your computer.. Please do the following..


Please go to Start >> Run >> copy/paste the code below >> Press Enter

reg export "HKEY_CURRENT_USER\Environment" C:\result1.txt


Please repeat the step with the code below

reg export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" C:\result2.txt


Two text files (result1.txt and result2.txt) will be created on your C:\ drive. Please post the contents of result1.txt and result2.txt in your next reply..

#7
monzy

  • Topic Starter
  • Member
  • 11 posts
Hi, these are the results for environmental variables:

result 1:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Environment]
"TEMP"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,00,\
74,00,69,00,6e,00,67,00,73,00,5c,00,54,00,65,00,6d,00,70,00,00,00
"TMP"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,00,\
45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,00,74,\
00,69,00,6e,00,67,00,73,00,5c,00,54,00,65,00,6d,00,70,00,00,00
"DEFAULT_CA_NR"="CA18"


Result 2:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
00,6d,00,64,00,2e,00,65,00,78,00,65,00,00,00
"Path"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,54,00,49,00,20,00,54,00,65,00,\
63,00,68,00,6e,00,6f,00,6c,00,6f,00,67,00,69,00,65,00,73,00,5c,00,41,00,54,\
00,49,00,20,00,43,00,6f,00,6e,00,74,00,72,00,6f,00,6c,00,20,00,50,00,61,00,\
6e,00,65,00,6c,00,3b,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,3b,00,43,00,\
3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,3b,00,43,00,3a,00,5c,\
00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,\
65,00,6d,00,33,00,32,00,5c,00,57,00,62,00,65,00,6d,00,3b,00,43,00,3a,00,5c,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,\
73,00,5c,00,41,00,54,00,49,00,20,00,54,00,65,00,63,00,68,00,6e,00,6f,00,6c,\
00,6f,00,67,00,69,00,65,00,73,00,5c,00,41,00,54,00,49,00,20,00,43,00,6f,00,\
6e,00,74,00,72,00,6f,00,6c,00,20,00,50,00,61,00,6e,00,65,00,6c,00,3b,00,43,\
00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,\
6c,00,65,00,73,00,5c,00,53,00,6d,00,61,00,72,00,74,00,20,00,50,00,72,00,6f,\
00,6a,00,65,00,63,00,74,00,73,00,5c,00,49,00,73,00,6f,00,42,00,75,00,73,00,\
74,00,65,00,72,00,3b,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,43,00,6f,00,6d,00,6d,00,\
6f,00,6e,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,54,00,65,00,6c,00,65,\
00,63,00,61,00,20,00,53,00,68,00,61,00,72,00,65,00,64,00,00,00
"windir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,00,00
"FP_NO_HOST_CHECK"="NO"
"OS"="Windows_NT"
"PROCESSOR_ARCHITECTURE"="x86"
"PROCESSOR_LEVEL"="15"
"PROCESSOR_IDENTIFIER"="x86 Family 15 Model 2 Stepping 7, GenuineIntel"
"PROCESSOR_REVISION"="0207"
"NUMBER_OF_PROCESSORS"="1"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"
"TEMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,54,00,45,00,4d,00,50,00,00,00
"TMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,\
25,00,5c,00,54,00,45,00,4d,00,50,00,00,00

Thanks
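The check requested in post #6 is easier to do once the hex(2) values in the export above are decoded. The following Python example is added here for illustration; it is not part of the thread, of reg.exe, HijackThis or Deckard's System Scanner. It parses reg export text (REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ, REG_DWORD and REG_BINARY data, including the backslash-continued hex lines), decodes the UTF-16LE strings, and compares the machine-wide ComSpec, windir, OS and PATHEXT entries against reference values. SAMPLE_REG is the HKLM export posted above, trimmed to those four entries; the reference values in EXPECTED are assumed stock Windows XP defaults chosen for this example, not values stated anywhere in the thread, and the function names are mine.

```python
"""Decode `reg export` output and sanity-check machine-wide environment entries.

Added example for this thread; not part of Deckard's System Scanner,
HijackThis, reg.exe or any other tool mentioned above.
"""
import re
from typing import Dict, Iterator, Tuple

ENV_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"

# Reference values for a stock Windows XP system. These are assumptions made for
# this example (a practitioner would take them from a known-good machine), not
# values stated in the thread.
EXPECTED = {
    "ComSpec": r"%SystemRoot%\system32\cmd.exe",
    "windir": r"%SystemRoot%",
    "OS": "Windows_NT",
    "PATHEXT": ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH",
}

# Constructed sample: the HKLM export posted in the thread, trimmed to the entries
# checked below. Continuation lines are indented the way reg export writes them.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,6d,00,64,00,2e,00,65,00,78,00,65,00,00,00
"windir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
  00,25,00,00,00
"OS"="Windows_NT"
"PATHEXT"=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"
'''

# "Name"=data  or  @=data (default value); the name may contain escaped quotes.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _logical_lines(text: str) -> Iterator[str]:
    """Join physical lines that end in a backslash (hex data continuation)."""
    buf = ""
    for raw in text.splitlines():
        buf += raw.strip().lstrip("\ufeff")  # reg export files start with a BOM
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        yield buf
        buf = ""
    if buf:
        yield buf


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def _hex_bytes(data: str) -> bytes:
    return bytes(int(h, 16) for h in data.split(",") if h)


def parse_reg_export(text: str) -> Dict[str, Dict[str, Tuple[str, object]]]:
    """Return {key_path: {value_name: (type_name, decoded_value)}}."""
    keys: Dict[str, Dict[str, Tuple[str, object]]] = {}
    current = None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError("unrecognised line: " + line)
        name = "@" if m.group(1) is None else _unescape(m.group(1))
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            keys[current][name] = ("REG_SZ", _unescape(data[1:-1]))
        elif data.startswith("dword:"):
            keys[current][name] = ("REG_DWORD", int(data[6:], 16))
        elif data.startswith("hex(2):"):  # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
            text16 = _hex_bytes(data[7:]).decode("utf-16-le")
            keys[current][name] = ("REG_EXPAND_SZ", text16.rstrip("\x00"))
        elif data.startswith("hex(7):"):  # REG_MULTI_SZ: NUL-separated, double NUL at end
            text16 = _hex_bytes(data[7:]).decode("utf-16-le")
            keys[current][name] = ("REG_MULTI_SZ", [s for s in text16.split("\x00") if s])
        elif data.startswith("hex:"):
            keys[current][name] = ("REG_BINARY", _hex_bytes(data[4:]))
        else:
            keys[current][name] = ("UNKNOWN", data)
    return keys


def check_environment(text: str) -> Dict[str, str]:
    """Compare the watched HKLM environment entries with EXPECTED (case-insensitive)."""
    env = parse_reg_export(text).get(ENV_KEY, {})
    report: Dict[str, str] = {}
    for name, expected in EXPECTED.items():
        if name not in env:
            report[name] = "missing"
            continue
        value = str(env[name][1])
        report[name] = "ok" if value.lower() == expected.lower() else "unexpected: " + value
    return report


if __name__ == "__main__":
    for entry, status in check_environment(SAMPLE_REG).items():
        print(f"{entry:<10} {status}")
```

Against the export posted above every watched entry comes back as ok; a ComSpec pointing somewhere other than %SystemRoot%\system32\cmd.exe, or a PATHEXT with an extension added, would be reported as an "unexpected:" line and a deleted entry as "missing". When reading result2.txt straight from disk rather than from a forum paste, open it with encoding="utf-16", since reg export writes a UTF-16 file with a byte-order mark.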

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hi.. actually, we (that's you and me :) ) have a situation here and I'm consulting with the experts regarding your problem.. I will be back after I get their input on you :)


Regards
fenzodahl512

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, we are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Please show hidden files and folders. Please visit HERE if you don't know how.

Please go to Start >> Run >> copy/paste sfc /scannow >> Press Enter..

The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed, and please post a fresh Deckard System Scanner (DSS) log in your next reply..

#10
monzy

  • Topic Starter
  • Member
  • 11 posts
Hi, I did the scan but nothing really happened application-wise, but it did say it removed some malicious software from my computer. And I ran the DSS test but it only opened one text file, the "main.txt" file. Here are the results


Deckard's System Scanner v20071014.68
Run by Monju on 2008-07-31 20:54:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Monju.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:51, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Monju\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Monju.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 10044 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:33:31 99735 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-07-29 12:13:12 0 d-------- C:\Program Files\MSXML 6.0
2008-07-29 12:11:06 0 d-------- C:\Program Files\MSXML 4.0
2008-07-29 11:31:30 72192 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-07-28 17:06:43 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-28 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-28 16:17:55 0 dr-h----- C:\Documents and Settings\Monju\Recent
2008-07-28 16:10:09 0 d--hs---- C:\found.000
2008-07-27 19:48:23 0 d-------- C:\Program Files\SopCast
2008-07-26 20:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-26 20:22:38 0 d-------- C:\Program Files\Rosetta Stone
2008-07-26 20:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-07-26 17:58:13 0 d-------- C:\Program Files\Trend Micro
2008-07-26 16:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-26 16:23:50 0 d-------- C:\Program Files\LogMeIn
2008-07-26 15:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 15:17:05 36864 -----n--- C:\WINDOWS\system32\kill.dll
2008-07-26 15:16:57 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Unin511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Inst511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:41 0 d-------- C:\Program Files\NETGEAR
2008-07-26 15:10:44 393216 --a------ C:\WINDOWS\system32\WG511TFCS.exe <Not Verified; NetGear; FCS Service>
2008-07-26 15:10:44 155745 -----n--- C:\WINDOWS\system32\installservice.exe
2008-07-26 15:10:44 102400 --a------ C:\WINDOWS\system32\ASupplicant.dll <Not Verified; Ambit Microsystems; ASupplicant Dynamic Link Library>
2008-07-26 15:10:44 17801 --a------ C:\WINDOWS\system32\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:01:39 16194 --a------ C:\WINDOWS\system32\AWINDIS5.SYS <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
2008-07-26 15:01:39 73728 --a------ C:\WINDOWS\system32\AW32n50.dll <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 DLL for Windows>
2008-07-22 15:30:18 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-16 12:50:12 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-13 22:45:33 0 d-------- C:\Program Files\Xilisoft
2008-07-12 18:57:55 0 d-------- C:\WINDOWS\Sun
2008-07-11 18:38:19 0 d-------- C:\Program Files\YourWare Solutions
2008-07-11 18:16:29 0 d-------- C:\Program Files\Foxit Software
2008-07-11 15:49:44 155648 --a------ C:\WINDOWS\system32\stuninstall.exe <Not Verified; -; Uninstall>
2008-07-11 15:49:41 0 d-------- C:\Program Files\Eraser
2008-07-11 15:46:34 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-11 15:46:29 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-11 15:46:29 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-11 15:46:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-11 15:46:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-11 15:46:28 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-11 15:46:27 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-11 15:46:25 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-11 14:50:19 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-07-11 14:49:03 0 d-------- C:\Program Files\Siber Systems
2008-07-11 14:09:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-11 14:08:41 0 d-------- C:\Program Files\Real
2008-07-11 14:08:38 0 d-------- C:\Program Files\Common Files\Real
2008-07-11 14:08:36 0 d-------- C:\Documents and Settings\Monju\Application Data\Real
2008-07-11 10:06:06 0 d-------- C:\Documents and Settings\Monju\Application Data\IDM
2008-07-11 10:05:57 0 d-------- C:\Program Files\Internet Download Manager
2008-07-11 09:44:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-11 09:43:07 0 d-------- C:\Program Files\O2
2008-07-11 09:27:39 0 d-------- C:\Program Files\Common Files\SupportSoft


-- Find3M Report ---------------------------------------------------------------

2008-07-31 20:50:19 0 d-------- C:\Documents and Settings\Monju\Application Data\Free Download Manager
2008-07-31 20:49:49 0 d-------- C:\Documents and Settings\Monju\Application Data\VersionTracker Pro
2008-07-31 20:49:45 0 d-------- C:\Documents and Settings\Monju\Application Data\DMCache
2008-07-31 16:27:50 0 d-------- C:\Documents and Settings\Monju\Application Data\uTorrent
2008-07-27 17:46:35 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files
2008-07-26 20:06:35 0 d-------- C:\Program Files\Java
2008-07-26 15:16:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-23 16:57:05 0 d-------- C:\Documents and Settings\Monju\Application Data\OpenOffice.org2
2008-07-18 14:57:23 0 d-------- C:\Documents and Settings\Monju\Application Data\LimeWire
2008-07-16 12:53:50 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-14 10:12:13 0 d-------- C:\Program Files\Lx_cats
2008-07-11 23:16:49 0 d-------- C:\Program Files\BitComet
2008-06-20 16:17:30 0 d-------- C:\Program Files\Sony Ericsson
2008-06-20 16:05:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Teleca
2008-06-19 23:25:49 0 d-------- C:\Documents and Settings\Monju\Application Data\Sony Ericsson
2008-06-19 23:25:34 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-19 23:25:33 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-19 17:08:18 0 d-------- C:\Program Files\CCleaner
2008-06-19 17:05:07 0 d-------- C:\Documents and Settings\Monju\Application Data\CBL-Electronics
2008-06-19 16:55:24 0 d-------- C:\Program Files\PartyGaming
2008-06-19 16:24:08 0 d-------- C:\Program Files\Smart Projects
2008-06-19 15:04:57 0 d-------- C:\Program Files\DVD Decrypter
2008-06-05 11:45:46 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-04 23:03:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-04 23:02:47 0 d-------- C:\Program Files\KONAMI


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; Access is denied.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-07-31 20:55:36 ------------
  • 0
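The HijackThis and DSS listings above are what a helper reads by eye: O4 autorun entries, "(file missing)" references, and recently created hidden/system files in system32. As an added example (written for this page, not part of the thread and not code from HijackThis, DSS or Malwarebytes), the Python script below parses constructed lines in the same two formats and flags the entries a reviewer would want to look at first. The small allowlist of expected system32 autoruns and the "hidden+system in system32" heuristic are assumptions for the example; they are triage hints, not verdicts.

```python
import re
from typing import List, Optional

# Autorun entries that live directly in system32 and are expected on a stock
# Windows XP box. This allowlist is an assumption for the example, not a list
# published by any of the tools used in the thread.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}

# Constructed sample lines in HijackThis log format (shape copied from the thread).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
"""

# Constructed sample lines in Deckard's System Scanner "files created" format.
SAMPLE_DSS = r"""
2008-07-31 14:33:31 99735 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-07-29 11:31:30 72192 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-07-26 15:17:05 36864 -----n--- C:\WINDOWS\system32\kill.dll
2008-07-11 15:46:34 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-26 15:16:57 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
"""

# "O4 - HKLM\..\Run: [name] command" (the hive part may include a SID, e.g. HKUS\S-1-5-19).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|dll|scr|bat|cmd))"?', re.IGNORECASE)
# A file sitting directly in <drive>:\WINDOWS\system32 (no subdirectory).
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# "YYYY-MM-DD HH:MM:SS size attrs path [<version info>]"
DSS_FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+?)(?: <.*>)?$"
)


def autorun_path(cmd: str) -> Optional[str]:
    """Pull the executable path out of an O4 command line, with or without quotes."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def triage_hjt(text: str) -> List[str]:
    """Flag dangling references and autoruns that run straight out of system32."""
    findings: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("(file missing)"):
            findings.append(f"dangling reference: {line}")
        m = O4_RE.match(line)
        if not m:
            continue
        path = autorun_path(m.group("cmd"))
        if path and SYSTEM32_RE.match(path):
            base = path.rsplit("\\", 1)[-1].lower()
            if base not in KNOWN_SYSTEM32_AUTORUNS:
                findings.append(
                    f"unexpected system32 autorun [{m.group('name')}] under {m.group('hive')}: {path}"
                )
    return findings


def triage_dss(text: str) -> List[str]:
    """Flag non-directory files in system32 carrying both hidden and system attributes."""
    findings: List[str] = []
    for line in text.splitlines():
        m = DSS_FILE_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        is_dir = attrs[0] == "d"
        hidden_and_system = "h" in attrs and "s" in attrs
        if not is_dir and hidden_and_system and SYSTEM32_RE.match(path):
            findings.append(f"hidden+system file in system32 created {m.group('date')}: {path}")
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT) + triage_dss(SAMPLE_DSS):
        print(finding)
```

Run against the constructed samples, the script flags the amvo.exe autorun, the two "(file missing)" entries and the two hidden/system amvo files, while leaving ctfmon.exe, the Java updater and the ordinary codec DLLs alone; feeding it a full pasted log works the same way, since lines that match neither pattern are skipped.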


#11
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello, please disable your Spybot S&D prior to our fix. Please visit the website below if you do not know how.
http://wiki.castleco...toring_Programs



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


1. Please download Brute Force Uninstaller to your desktop and unzip it into your C:\ drive. Steps below:
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click Next
  • In the box to choose where to extract the files to,
  • Click Browse
  • Click on the + sign next to My Computer
  • Click on Local Disk (C:) or whatever your primary drive is
  • Click Make New Folder
  • Type in BFU
  • Click Next, and Uncheck the Show Extracted Files box and then click Finish.
2. RIGHT-CLICK HERE and choose Save As (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (C:\BFU).

Do not do anything with these yet!

3. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.


4. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Malwarebytes' text report that you saved and a new DSS log.


Don't forget to re-enable your Spybot after performing the above steps.


Regards
fenzodahl512
  • 0

#12
monzy
  • Topic Starter
  • Member
  • 11 posts
Hi, thanks for taking the time to do this for me. Here is the result from Malwarebytes:

Malwarebytes' Anti-Malware 1.24
Database version: 1022
Windows 5.1.2600 Service Pack 2

13:46:42 04/08/2008
mbam-log-8-4-2008 (13-46-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 105721
Time elapsed: 1 hour(s), 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Delete on reboot.


Here is the result from the DSS scan:

Deckard's System Scanner v20071014.68
Run by Monju on 2008-08-04 14:29:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.78 GiB (less than 15%) free.


-- HijackThis (run as Monju.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:22, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Monju\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Monju.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 9759 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 13:51:50 0 d-------- C:\BFU
2008-08-04 13:51:46 72192 ---h----- C:\WINDOWS\system32\amvo0.dll
2008-08-04 12:15:28 0 d-------- C:\Documents and Settings\Monju\Application Data\Malwarebytes
2008-08-04 12:15:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 12:15:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-03 12:16:48 0 dr-h----- C:\Documents and Settings\Monju\Recent
2008-08-02 15:23:50 0 d-------- C:\Documents and Settings\Monju\Application Data\TVU Networks
2008-08-02 15:23:50 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-02 15:23:36 0 d-------- C:\Documents and Settings\Monju\LocalLow
2008-08-02 15:23:30 0 d-------- C:\Program Files\TVUPlayer
2008-07-29 12:13:12 0 d-------- C:\Program Files\MSXML 6.0
2008-07-29 12:11:06 0 d-------- C:\Program Files\MSXML 4.0
2008-07-28 17:06:43 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-28 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-28 16:10:09 0 d--hs---- C:\found.000
2008-07-27 19:48:23 0 d-------- C:\Program Files\SopCast
2008-07-26 20:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-26 20:22:38 0 d-------- C:\Program Files\Rosetta Stone
2008-07-26 20:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-07-26 17:58:13 0 d-------- C:\Program Files\Trend Micro
2008-07-26 16:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-26 16:23:50 0 d-------- C:\Program Files\LogMeIn
2008-07-26 15:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 15:17:05 36864 -----n--- C:\WINDOWS\system32\kill.dll
2008-07-26 15:16:57 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Unin511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Inst511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:41 0 d-------- C:\Program Files\NETGEAR
2008-07-26 15:10:44 393216 --a------ C:\WINDOWS\system32\WG511TFCS.exe <Not Verified; NetGear; FCS Service>
2008-07-26 15:10:44 155745 -----n--- C:\WINDOWS\system32\installservice.exe
2008-07-26 15:10:44 102400 --a------ C:\WINDOWS\system32\ASupplicant.dll <Not Verified; Ambit Microsystems; ASupplicant Dynamic Link Library>
2008-07-26 15:10:44 17801 --a------ C:\WINDOWS\system32\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:01:39 16194 --a------ C:\WINDOWS\system32\AWINDIS5.SYS <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
2008-07-26 15:01:39 73728 --a------ C:\WINDOWS\system32\AW32n50.dll <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 DLL for Windows>
2008-07-22 15:30:18 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-16 12:50:12 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-07-13 22:45:33 0 d-------- C:\Program Files\Xilisoft
2008-07-12 18:57:55 0 d-------- C:\WINDOWS\Sun
2008-07-11 18:38:19 0 d-------- C:\Program Files\YourWare Solutions
2008-07-11 18:16:29 0 d-------- C:\Program Files\Foxit Software
2008-07-11 15:49:44 155648 --a------ C:\WINDOWS\system32\stuninstall.exe <Not Verified; -; Uninstall>
2008-07-11 15:49:41 0 d-------- C:\Program Files\Eraser
2008-07-11 15:46:34 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-11 15:46:29 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-11 15:46:29 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-11 15:46:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-11 15:46:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-11 15:46:28 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-11 15:46:27 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-11 15:46:25 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-11 14:50:19 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-07-11 14:49:03 0 d-------- C:\Program Files\Siber Systems
2008-07-11 14:09:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-11 14:08:41 0 d-------- C:\Program Files\Real
2008-07-11 14:08:38 0 d-------- C:\Program Files\Common Files\Real
2008-07-11 14:08:36 0 d-------- C:\Documents and Settings\Monju\Application Data\Real
2008-07-11 10:06:06 0 d-------- C:\Documents and Settings\Monju\Application Data\IDM
2008-07-11 10:05:57 0 d-------- C:\Program Files\Internet Download Manager
2008-07-11 09:44:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-11 09:43:07 0 d-------- C:\Program Files\O2
2008-07-11 09:27:39 0 d-------- C:\Program Files\Common Files\SupportSoft


-- Find3M Report ---------------------------------------------------------------

2008-08-04 14:29:03 0 d-------- C:\Documents and Settings\Monju\Application Data\Free Download Manager
2008-08-04 14:28:35 0 d-------- C:\Documents and Settings\Monju\Application Data\VersionTracker Pro
2008-08-04 13:49:02 0 d-------- C:\Documents and Settings\Monju\Application Data\DMCache
2008-08-04 08:07:17 0 d-------- C:\Documents and Settings\Monju\Application Data\OpenOffice.org2
2008-08-01 22:01:11 0 d-------- C:\Documents and Settings\Monju\Application Data\uTorrent
2008-07-27 17:46:35 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files
2008-07-26 20:06:35 0 d-------- C:\Program Files\Java
2008-07-26 15:16:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 14:57:23 0 d-------- C:\Documents and Settings\Monju\Application Data\LimeWire
2008-07-16 12:53:50 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-14 10:12:13 0 d-------- C:\Program Files\Lx_cats
2008-07-11 23:16:49 0 d-------- C:\Program Files\BitComet
2008-06-20 16:17:30 0 d-------- C:\Program Files\Sony Ericsson
2008-06-20 16:05:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Teleca
2008-06-19 23:25:49 0 d-------- C:\Documents and Settings\Monju\Application Data\Sony Ericsson
2008-06-19 23:25:34 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-19 23:25:33 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-19 17:08:18 0 d-------- C:\Program Files\CCleaner
2008-06-19 17:05:07 0 d-------- C:\Documents and Settings\Monju\Application Data\CBL-Electronics
2008-06-19 16:55:24 0 d-------- C:\Program Files\PartyGaming
2008-06-19 16:24:08 0 d-------- C:\Program Files\Smart Projects
2008-06-19 15:04:57 0 d-------- C:\Program Files\DVD Decrypter
2008-06-05 11:45:46 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-04 23:03:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-04 23:02:47 0 d-------- C:\Program Files\KONAMI


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; Access is denied.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-08-04 14:29:48 ------------

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\amvo0.dll
    C:\WINDOWS\system32\cmd.com
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



NEXT


Please show hidden files and folders. Please visit HERE if you don't know how.
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\kill.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.





Please post the following logs in your next reply. Post each log in a separate post.

1. OTMoveIt2
2. Kaspersky Webscanner
3. VirScan.Org result
4. A fresh DSS log.


Regards
fenzodahl512
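A defender's check for the symptom this thread is about (a cmd.com planted beside cmd.exe in System32, and Run > cmd.exe opening a folder rather than a console), as an added Python example that is not part of the thread and not code from OTMoveIt2 or DSS; the WATCHED list and the DIR_AS_EXE / PATHEXT_SHADOW finding labels are my own assumptions.

```python
"""Spot PATHEXT-shadowing files in a Windows system directory.

Added defensive check, not code from this thread or from any tool named in it.
When 'cmd' is typed into Start > Run, Windows tries the PATHEXT extensions in
order (.COM before .EXE by default), so a planted cmd.com in System32 is run
instead of the real cmd.exe. The poster also saw Run > cmd.exe open an empty
folder named cmd.exe, so directories carrying a tool's .exe name are flagged.
"""
import os
from typing import Iterable, List, Tuple

# Tools malware commonly blocks or replaces (assumed watch list).
WATCHED = {"cmd", "taskmgr", "msconfig", "regedit", "explorer"}

# Extensions that beat .exe under the default PATHEXT ordering.
SHADOW_EXTS = (".com",)


def find_shadowing(entries: Iterable[Tuple[str, bool]]) -> List[str]:
    """Return findings for a listing of (name, is_dir) pairs (case-insensitive)."""
    names = {name.lower(): is_dir for name, is_dir in entries}
    findings: List[str] = []
    for stem in sorted(WATCHED):
        exe = f"{stem}.exe"
        if names.get(exe) is True:  # a directory masquerading as the program
            findings.append(f"DIR_AS_EXE: {exe}")
        for ext in SHADOW_EXTS:
            shadow = f"{stem}{ext}"
            if shadow in names and not names[shadow]:
                findings.append(f"PATHEXT_SHADOW: {shadow} precedes {exe}")
    return findings


def scan_dir(path: str) -> List[str]:
    """Run the check against a real directory, e.g. C:\\WINDOWS\\system32."""
    with os.scandir(path) as it:
        return find_shadowing((e.name, e.is_dir()) for e in it)


if __name__ == "__main__":
    # Constructed listing mirroring the thread's symptoms, not a real scan.
    sample = [("cmd.exe", True), ("cmd.com", False), ("amvo0.dll", False),
              ("taskmgr.exe", False), ("kernel32.dll", False)]
    for line in find_shadowing(sample):
        print(line)
```

On a live machine call scan_dir against the System32 path; a clean directory returns an empty list.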

#14
fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#15
fenzodahl512

  • Malware Removal
  • 9,863 posts
Re-open. Please post a fresh DSS log for my review.