System Applications Do Not Work [CLOSED] [RESOLVED]

#16 monzy (Topic Starter, Member, 11 posts)
Hi, thanks for reopening. The link to the Kaspersky webscan did not work; it just said it had expired, so I just went to the online scan on the main site. Here are the results:

Results for OTmoveit2:

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo0.dll NOT unregistered.
C:\WINDOWS\system32\amvo0.dll moved successfully.
File/Folder C:\WINDOWS\system32\cmd.com not found.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\Perflib_Perfdata_4b0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\Perflib_Perfdata_558.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF55C0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF722C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF7242.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF844A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF854D.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_122536

Files moved on Reboot...
File C:\DOCUME~1\Monju\LOCALS~1\Temp\Perflib_Perfdata_4b0.dat not found!
File C:\DOCUME~1\Monju\LOCALS~1\Temp\Perflib_Perfdata_558.dat not found!
C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF55C0.tmp moved successfully.
File C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF722C.tmp not found!
File C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF7242.tmp not found!
File C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF844A.tmp not found!
File C:\DOCUME~1\Monju\LOCALS~1\Temp\~DF854D.tmp not found!


Results for Kaspersky:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, August 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 18, 2008 12:34:26
Records in database: 1105003
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 73679
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:20:34


File name / Threat name / Threats count
C:\Deckard\System Scanner\20080731205210\backup\DOCUME~1\Monju\LOCALS~1\Temp\cz8.dll Infected: Trojan-PSW.Win32.OnLineGames.ahwj 1
C:\h6o0re.cmd Infected: Trojan-PSW.Win32.OnLineGames.uyy 1
C:\Limit.exe Infected: Worm.Win32.AutoRun.qi 1
C:\_OTMoveIt\MovedFiles\08182008_122536\WINDOWS\system32\amvo0.dll Infected: Trojan-PSW.Win32.OnLineGames.uyx 1

The selected area was scanned.

Results for Virus Total:

Antivirus Version Last Update Result
AhnLab-V3 2008.8.19.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.18 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.18 -
CAT-QuickHeal 9.50 2008.08.18 -
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.18 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
F-Secure 7.60.13501.0 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.18 -
Ikarus T3.1.1.34.0 2008.08.18 -
K7AntiVirus 7.10.417 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.18 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.18 -
NOD32v2 3365 2008.08.18 -
Norman 5.80.02 2008.08.18 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.18 -
Prevx1 V2 2008.08.18 -
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 -
TheHacker 6.3.0.5.053 2008.08.18 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.18 -
Webwasher-Gateway 6.6.2 2008.08.18 -
Additional information
File size: 36864 bytes
MD5...: 69cca5cd2fa1b12648f26e270cacae40
SHA1..: c6970187d00a1bf82f09b432e4bbe177f96d8314
SHA256: bca054fad03890a6a1978336526a5eb10357a36f87b3fc5e398043a3fb82225b
SHA512: db9db6e34fc413c737b2891381c301b532f46e1d9c9de6b65975798fc443aaed
a6f466f9cc77af8bc539ec66cf09d06e59fb5201c6dd102645f89c2c26d5d76f
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10001756
timedatestamp.....: 0x4533465b (Mon Oct 16 08:44:11 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3eb6 0x4000 6.55 697a7070b48ff3fae5a4d8065696beb5
.rdata 0x5000 0x1322 0x2000 3.45 60d266875c393b81624cccadc63b8f15
.data 0x7000 0x11bc 0x1000 2.10 20aacedfc47be8c9a5a706f58d6d8a56
.reloc 0x9000 0xb52 0x1000 2.87 b94c8418e3ce4045697b7162f779387c

( 3 imports )
> KERNEL32.dll: CreateProcessA, GetSystemDirectoryA, CopyFileA, DeleteFileA, RtlUnwind, GetCurrentThreadId, TlsSetValue, GetCommandLineA, GetVersionExA, TlsFree, SetLastError, TlsGetValue, GetLastError, TlsAlloc, ExitProcess, GetProcAddress, GetModuleHandleA, HeapFree, HeapAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetCPInfo, LeaveCriticalSection, EnterCriticalSection, GetLocaleInfoA, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, InitializeCriticalSection, LoadLibraryA, VirtualProtect, GetSystemInfo, VirtualQuery, LCMapStringA, LCMapStringW
> USER32.dll: SendMessageA, RegisterWindowMessageA
> ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, RegQueryValueExA, RegSetValueExA, RegCreateKeyA

( 3 exports )
GetAegis, InstallNWDLService, fnKill


Results for DSS:


Deckard's System Scanner v20071014.68
Run by Monju on 2008-08-18 17:37:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.73 GiB (less than 15%) free.


-- HijackThis (run as Monju.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:44, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Monju\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Monju.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RapidCheck] C:\Program Files\RapidCheck\RapidCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 10896 bytes

-- Files created between 2008-07-18 and 2008-08-18 -----------------------------

2008-08-18 12:33:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-18 12:33:23 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-17 17:26:56 48396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe
2008-08-17 17:26:56 0 d-------- C:\Program Files\Veetle
2008-08-15 22:06:09 0 d-------- C:\Program Files\RapidCheck
2008-08-15 20:47:47 0 dr-h----- C:\Documents and Settings\Monju\Recent
2008-08-11 21:09:15 0 d-------- C:\Program Files\URUSoft
2008-08-11 16:16:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Adobe
2008-08-11 16:10:13 0 d-------- C:\Program Files\Veoh Networks
2008-08-09 21:25:55 0 d--hs---- C:\found.001
2008-08-04 15:21:26 0 d-------- C:\Documents and Settings\Monju\Application Data\Nero
2008-08-04 15:16:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-04 15:16:56 0 d-------- C:\Program Files\Common Files\Nero
2008-08-04 13:51:50 0 d-------- C:\BFU
2008-08-04 12:15:28 0 d-------- C:\Documents and Settings\Monju\Application Data\Malwarebytes
2008-08-04 12:15:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 12:15:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 15:23:50 0 d-------- C:\Documents and Settings\Monju\Application Data\TVU Networks
2008-08-02 15:23:50 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-02 15:23:36 0 d-------- C:\Documents and Settings\Monju\LocalLow
2008-08-02 15:23:30 0 d-------- C:\Program Files\TVUPlayer
2008-07-29 12:13:12 0 d-------- C:\Program Files\MSXML 6.0
2008-07-29 12:11:06 0 d-------- C:\Program Files\MSXML 4.0
2008-07-28 17:06:43 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-28 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-28 16:10:09 0 d--hs---- C:\found.000
2008-07-27 19:48:23 0 d-------- C:\Program Files\SopCast
2008-07-26 20:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-26 20:22:38 0 d-------- C:\Program Files\Rosetta Stone
2008-07-26 20:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-07-26 17:58:13 0 d-------- C:\Program Files\Trend Micro
2008-07-26 16:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-26 16:23:50 0 d-------- C:\Program Files\LogMeIn
2008-07-26 15:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 15:17:05 36864 -----n--- C:\WINDOWS\system32\kill.dll
2008-07-26 15:16:57 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Unin511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Inst511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:41 0 d-------- C:\Program Files\NETGEAR
2008-07-26 15:10:44 393216 --a------ C:\WINDOWS\system32\WG511TFCS.exe <Not Verified; NetGear; FCS Service>
2008-07-26 15:10:44 155745 -----n--- C:\WINDOWS\system32\installservice.exe
2008-07-26 15:10:44 102400 --a------ C:\WINDOWS\system32\ASupplicant.dll <Not Verified; Ambit Microsystems; ASupplicant Dynamic Link Library>
2008-07-26 15:10:44 17801 --a------ C:\WINDOWS\system32\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:01:39 16194 --a------ C:\WINDOWS\system32\AWINDIS5.SYS <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
2008-07-26 15:01:39 73728 --a------ C:\WINDOWS\system32\AW32n50.dll <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 DLL for Windows>
2008-07-22 15:30:18 0 d--h----- C:\WINDOWS\system32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2008-08-18 17:27:31 0 d-------- C:\Documents and Settings\Monju\Application Data\Free Download Manager
2008-08-18 17:26:45 0 d-------- C:\Documents and Settings\Monju\Application Data\VersionTracker Pro
2008-08-18 17:26:40 0 d-------- C:\Documents and Settings\Monju\Application Data\DMCache
2008-08-18 15:59:11 0 d-------- C:\Program Files\Eraser
2008-08-18 12:21:53 0 d-------- C:\Program Files\Messenger
2008-08-17 23:10:10 0 d-------- C:\Documents and Settings\Monju\Application Data\OpenOffice.org2
2008-08-15 16:08:38 0 d-------- C:\Documents and Settings\Monju\Application Data\uTorrent
2008-08-13 15:07:35 0 d-------- C:\Documents and Settings\Monju\Application Data\IDM
2008-08-11 16:11:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-04 15:16:57 0 d-------- C:\Program Files\Nero
2008-08-04 15:16:56 0 d-------- C:\Program Files\Common Files
2008-08-04 15:01:56 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:46:35 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-26 20:06:35 0 d-------- C:\Program Files\Java
2008-07-18 14:57:23 0 d-------- C:\Documents and Settings\Monju\Application Data\LimeWire
2008-07-16 15:04:47 0 d-------- C:\Program Files\Internet Download Manager
2008-07-16 12:53:50 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-14 10:12:13 0 d-------- C:\Program Files\Lx_cats
2008-07-13 22:45:33 0 d-------- C:\Program Files\Xilisoft
2008-07-11 23:16:49 0 d-------- C:\Program Files\BitComet
2008-07-11 18:38:19 0 d-------- C:\Program Files\YourWare Solutions
2008-07-11 18:16:29 0 d-------- C:\Program Files\Foxit Software
2008-07-11 15:49:44 155648 --a------ C:\WINDOWS\system32\stuninstall.exe <Not Verified; -; Uninstall>
2008-07-11 15:46:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-11 14:49:03 0 d-------- C:\Program Files\Siber Systems
2008-07-11 14:11:30 0 d-------- C:\Documents and Settings\Monju\Application Data\Real
2008-07-11 14:09:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-11 14:08:58 0 d-------- C:\Program Files\Common Files\Real
2008-07-11 14:08:41 0 d-------- C:\Program Files\Real
2008-07-11 09:43:46 0 d-------- C:\Program Files\O2
2008-07-11 09:27:39 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-20 16:17:30 0 d-------- C:\Program Files\Sony Ericsson
2008-06-20 16:05:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Teleca
2008-06-19 23:25:49 0 d-------- C:\Documents and Settings\Monju\Application Data\Sony Ericsson
2008-06-19 23:25:34 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-19 23:25:33 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-19 17:08:18 0 d-------- C:\Program Files\CCleaner
2008-06-19 17:05:07 0 d-------- C:\Documents and Settings\Monju\Application Data\CBL-Electronics
2008-06-19 16:55:24 0 d-------- C:\Program Files\PartyGaming
2008-06-19 16:24:08 0 d-------- C:\Program Files\Smart Projects
2008-06-19 15:04:57 0 d-------- C:\Program Files\DVD Decrypter
2008-06-12 19:36:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-04 23:03:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; Access is denied.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-08-18 17:38:04 ------------
#17 fenzodahl512 (Malware Removal, 9,863 posts)
Please show hidden files and folders

Please find these files, group them in a folder and then zip the folder. Please visit here if you do not know how.

C:\h6o0re.cmd
C:\Limit.exe


Then, please go HERE to submit the zipped folder.

Don't forget to enter your email address and click on the "I agree to be bound by the Terms and Conditions" box. Then press the Submit button.


Please wait for about 10-20 minutes. Then, open your email and look for the ThreatExpert Report. Copy/paste the link to your report here.





NEXT



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's option remain ticked and Zip Files After Moves remain unticked.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\h6o0re.cmd
    C:\Limit.exe
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





NEXT


Please download THIS FILE and save it directly to your C:\WINDOWS folder.

Then, do the following.

Please copy (Control+C) and paste (Control+V) the following code into Notepad.

SWXCACLS "C:\WINDOWS\system32\cmd.exe">>"%USERPROFILE%\Desktop\lihat.txt"

Save it on the Desktop as peek.bat and in "Save as type" choose All Files.

A new batch file (peek.bat) will then be created on your desktop. Just double-click the file. A window will open and suddenly close; this is normal.

A new file, lihat.txt, will be created on your Desktop. Post its content in your next reply.

If you are not sure how to make a batch file, please visit HERE for the tutorial.




Please post these logs in your next reply:

1. ThreatExpert result link
2. OTMoveIt2 log
3. lihat.txt content


Regards
fenzodahl512
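The peek.bat step above dumps the ACL on cmd.exe so the helper can see whether file permissions were tampered with (the DSS log earlier in the thread reported "Unable to run batchfile; Access is denied", which is exactly the symptom a rewritten ACL on a system binary produces). The PowerShell script below is an added example, not part of this thread or the helper's instructions: it performs the same inspection natively with Get-Acl and reports explicit Deny entries, missing FullControl for SYSTEM and Administrators, disabled inheritance and the file owner. The list of paths, the baseline it assumes (SYSTEM and Administrators holding FullControl, as on a default Windows XP install) and the output file name acl-report.txt are my assumptions.

```powershell
# Added example (not from the thread): inspect the ACLs on a few system binaries
# the way the SWXCACLS/peek.bat step does, and flag entries that explain an
# "Access is denied" symptom. Assumes PowerShell 2.0 or later.
param(
    # Assumed default list; pass -Paths to check other files.
    [string[]]$Paths = @(
        "$env:SystemRoot\system32\cmd.exe",
        "$env:SystemRoot\system32\regedit.exe",
        "$env:SystemRoot\system32\taskmgr.exe"
    )
)

$FullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-SystemBinaryAcl {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{
            Path = $Path; Status = 'MISSING'; Findings = @('file not found')
        }
    }

    $acl = Get-Acl -LiteralPath $Path
    $findings = @()

    # Any explicit Deny ACE on a system binary is a red flag: it is one way
    # malware makes "system applications do not work".
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            $findings += "DENY for $($ace.IdentityReference): $($ace.FileSystemRights)"
        }
    }

    # Assumed baseline (default Windows XP system32 permissions): SYSTEM and
    # Administrators have FullControl. A missing entry means the ACL was rewritten.
    foreach ($principal in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $hasFull = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $principal -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band $FullControl) -eq $FullControl)
        }
        if (-not $hasFull) { $findings += "$principal lacks FullControl" }
    }

    # Decide the status before adding informational lines.
    $status = if ($findings.Count -gt 0) { 'SUSPECT' } else { 'OK' }

    # Informational only: explicit (non-inherited) ACLs are normal on newer
    # Windows versions, but on XP a system32 file normally inherits its ACL.
    if ($acl.AreAccessRulesProtected) { $findings += 'info: inheritance disabled (explicit ACL)' }
    $findings += "info: owner is $($acl.Owner)"

    New-Object PSObject -Property @{ Path = $Path; Status = $status; Findings = $findings }
}

$results = $Paths | ForEach-Object { Test-SystemBinaryAcl -Path $_ }

# Print a compact report to the console ...
foreach ($r in $results) {
    "{0}`t{1}" -f $r.Status, $r.Path
    foreach ($f in $r.Findings) { "    $f" }
}

# ... and save the same report to the Desktop so it can be posted like lihat.txt.
$results | Format-List Path, Status, Findings |
    Out-File -FilePath "$env:USERPROFILE\Desktop\acl-report.txt"
```

Run it from an Administrator PowerShell prompt; a non-elevated session may itself be denied read access to the security descriptor of a tampered file, which would show up as an error rather than a finding. The SUSPECT status is driven only by Deny entries and missing FullControl; the owner and inheritance lines are reported for context because their normal values differ between Windows versions.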

#18 monzy (Topic Starter, Member, 11 posts)
Hi, sorry it took so long to reply. I did everything the other day and I was sure I had posted it. But here is just the DSS; I will have to do the Kaspersky scan now, so I will post that later on today. Thanks

Deckard's System Scanner v20071014.68
Run by Monju on 2008-08-20 10:43:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.82 GiB (less than 15%) free.


-- HijackThis (run as Monju.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:25, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fum\fum.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Monju\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Monju.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [RapidCheck] C:\Program Files\RapidCheck\RapidCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Netgear Wireless Domain Login Service (NWDLS) - Unknown owner - C:\WINDOWS\system32\NWDLS.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 11182 bytes

-- Files created between 2008-07-20 and 2008-08-20 -----------------------------

2008-08-19 16:26:19 0 d-------- C:\Program Files\Subtitles modifier
2008-08-18 22:47:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-18 22:47:46 0 d-------- C:\Documents and Settings\Monju\Application Data\Azureus
2008-08-18 22:38:50 0 d-------- C:\Program Files\AskSBar
2008-08-18 22:38:04 0 d-------- C:\Program Files\Vuze
2008-08-18 22:10:46 0 dr-h----- C:\Documents and Settings\Monju\Recent
2008-08-18 12:33:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-18 12:33:23 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-17 17:26:56 48396 --a------ C:\WINDOWS\UninstVeetleTVPlayer.exe
2008-08-17 17:26:56 0 d-------- C:\Program Files\Veetle
2008-08-15 22:06:09 0 d-------- C:\Program Files\RapidCheck
2008-08-11 21:09:15 0 d-------- C:\Program Files\URUSoft
2008-08-11 16:16:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Adobe
2008-08-11 16:10:13 0 d-------- C:\Program Files\Veoh Networks
2008-08-09 21:25:55 0 d--hs---- C:\found.001
2008-08-04 15:21:26 0 d-------- C:\Documents and Settings\Monju\Application Data\Nero
2008-08-04 15:16:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-04 15:16:56 0 d-------- C:\Program Files\Common Files\Nero
2008-08-04 13:51:50 0 d-------- C:\BFU
2008-08-04 12:15:28 0 d-------- C:\Documents and Settings\Monju\Application Data\Malwarebytes
2008-08-04 12:15:23 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 12:15:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 15:23:50 0 d-------- C:\Documents and Settings\Monju\Application Data\TVU Networks
2008-08-02 15:23:50 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-08-02 15:23:36 0 d-------- C:\Documents and Settings\Monju\LocalLow
2008-08-02 15:23:30 0 d-------- C:\Program Files\TVUPlayer
2008-07-29 12:13:12 0 d-------- C:\Program Files\MSXML 6.0
2008-07-29 12:11:06 0 d-------- C:\Program Files\MSXML 4.0
2008-07-28 17:06:43 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-28 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-28 16:10:09 0 d--hs---- C:\found.000
2008-07-27 19:48:23 0 d-------- C:\Program Files\SopCast
2008-07-26 20:39:13 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-26 20:23:11 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-26 20:22:38 0 d-------- C:\Program Files\Rosetta Stone
2008-07-26 20:22:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-07-26 17:58:13 0 d-------- C:\Program Files\Trend Micro
2008-07-26 16:28:20 0 d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-26 16:23:50 0 d-------- C:\Program Files\LogMeIn
2008-07-26 15:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-26 15:17:05 36864 -----n--- C:\WINDOWS\system32\kill.dll
2008-07-26 15:16:57 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Unin511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:43 221184 --a------ C:\WINDOWS\Inst511T.exe <Not Verified; ; NetgearRev Application>
2008-07-26 15:16:41 0 d-------- C:\Program Files\NETGEAR
2008-07-26 15:10:44 393216 --a------ C:\WINDOWS\system32\WG511TFCS.exe <Not Verified; NetGear; FCS Service>
2008-07-26 15:10:44 155745 -----n--- C:\WINDOWS\system32\installservice.exe
2008-07-26 15:10:44 102400 --a------ C:\WINDOWS\system32\ASupplicant.dll <Not Verified; Ambit Microsystems; ASupplicant Dynamic Link Library>
2008-07-26 15:10:44 17801 --a------ C:\WINDOWS\system32\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-26 15:01:39 16194 --a------ C:\WINDOWS\system32\AWINDIS5.SYS <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
2008-07-26 15:01:39 73728 --a------ C:\WINDOWS\system32\AW32n50.dll <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 DLL for Windows>
2008-07-22 15:30:18 0 d--h----- C:\WINDOWS\system32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2008-08-20 10:43:37 0 d-------- C:\Documents and Settings\Monju\Application Data\Free Download Manager
2008-08-20 10:40:44 0 d-------- C:\Documents and Settings\Monju\Application Data\VersionTracker Pro
2008-08-20 10:40:35 0 d-------- C:\Documents and Settings\Monju\Application Data\DMCache
2008-08-20 00:23:14 0 d-------- C:\Program Files\Eraser
2008-08-19 16:24:02 0 d-------- C:\Documents and Settings\Monju\Application Data\OpenOffice.org2
2008-08-18 22:37:23 0 d-------- C:\Documents and Settings\Monju\Application Data\uTorrent
2008-08-18 12:21:53 0 d-------- C:\Program Files\Messenger
2008-08-13 15:07:35 0 d-------- C:\Documents and Settings\Monju\Application Data\IDM
2008-08-11 16:11:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-04 15:16:57 0 d-------- C:\Program Files\Nero
2008-08-04 15:16:56 0 d-------- C:\Program Files\Common Files
2008-08-04 15:01:56 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-27 17:46:35 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-26 20:06:35 0 d-------- C:\Program Files\Java
2008-07-18 14:57:23 0 d-------- C:\Documents and Settings\Monju\Application Data\LimeWire
2008-07-16 15:04:47 0 d-------- C:\Program Files\Internet Download Manager
2008-07-16 12:53:50 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-14 10:12:13 0 d-------- C:\Program Files\Lx_cats
2008-07-13 22:45:33 0 d-------- C:\Program Files\Xilisoft
2008-07-11 23:16:49 0 d-------- C:\Program Files\BitComet
2008-07-11 18:38:19 0 d-------- C:\Program Files\YourWare Solutions
2008-07-11 18:16:29 0 d-------- C:\Program Files\Foxit Software
2008-07-11 15:49:44 155648 --a------ C:\WINDOWS\system32\stuninstall.exe <Not Verified; -; Uninstall>
2008-07-11 15:46:29 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-11 14:49:03 0 d-------- C:\Program Files\Siber Systems
2008-07-11 14:11:30 0 d-------- C:\Documents and Settings\Monju\Application Data\Real
2008-07-11 14:09:02 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-11 14:08:58 0 d-------- C:\Program Files\Common Files\Real
2008-07-11 14:08:41 0 d-------- C:\Program Files\Real
2008-07-11 09:43:46 0 d-------- C:\Program Files\O2
2008-07-11 09:27:39 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-20 16:17:30 0 d-------- C:\Program Files\Sony Ericsson
2008-06-20 16:05:42 0 d-------- C:\Documents and Settings\Monju\Application Data\Teleca
2008-06-12 19:36:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-04 23:03:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-31 00:22:46 683520 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 23:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 23:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; Access is denied.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-08-20 10:43:58 ------------

#19
monzy (Member, Topic Starter, 11 posts)
Please ignore the last post; for some weird reason it did not show that I added the post I thought I did last time. And now it shows up on the reply page. Weird.

#20
fenzodahl512 (Malware Removal, 9,863 posts)

Please ignore the last post; for some weird reason it did not show that I added the post I thought I did last time. And now it shows up on the reply page. Weird.


Ok.. waiting for the results that I asked for :)

#21
monzy (Member, Topic Starter, 11 posts)
Hi, I am going to reinstall Windows XP because there is some weird stuff going on with my computer. It's annoying and I think I have a lot of viruses. If the applications still don't work I will post a DSS tomorrow; if it does work I will inform you of that as well.

Thanks

#22
fenzodahl512 (Malware Removal, 9,863 posts)

Hi, I am going to reinstall Windows XP because there is some weird stuff going on with my computer. It's annoying and I think I have a lot of viruses. If the applications still don't work I will post a DSS tomorrow; if it does work I will inform you of that as well.

Thanks



Hi.. Do you mean re-install or re-format?.. Make sure you back up all data needed.. Either way, just inform me about it :)

#23
monzy (Member, Topic Starter, 11 posts)
Hi, thanks for all your help. You were right; I reformatted my computer. It seemed to have done the trick. My computer was just going insane on me; it was even opening a program called limit and it was turning my computer off every 15 mins. But I think reformatting has done the trick.

Thanks again for all your help.

#24
fenzodahl512 (Malware Removal, 9,863 posts)
Thanks for letting me know monzy.. I will now close this topic and mark it as resolved..

Please take some time to read these excellent articles by miekiemoes..
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection


Thanks again :)
fenzodahl512

#25
fenzodahl512 (Malware Removal, 9,863 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.