Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

really big problem [RESOLVED]

Started by 8cimi , Aug 01 2008 08:11 PM

This topic is locked

#16
8cimi

Posted 03 August 2008 - 09:18 AM

Member

Topic Starter
Member
71 posts

extra txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 2600+
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 2047.48 MiB / 1727.5 MiB
Pagefile Memory (total/avail): 2662.33 MiB / 2500.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.45 MiB

C: is Fixed (NTFS) - 232.88 GiB total, 93.77 GiB free.
D: is CDROM (UDF)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Opera 9\\Opera.exe"="C:\\Program Files\\Opera 9\\Opera.exe:*:Disabled:Opera Internet Browser"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
"C:\\Silkroad\\SilkErrSender.exe"="C:\\Silkroad\\SilkErrSender.exe:*:Disabled:FTPSender MFC ?? ????"
"C:\\Silkroad\\ag\\nuConnector70.exe"="C:\\Silkroad\\ag\\nuConnector70.exe:*:Disabled:nuConnector70"
"C:\\Silkroad\\Silkroad.exe"="C:\\Silkroad\\Silkroad.exe:*:Disabled:Silkroad"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Disabled:WinDVD"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jesus\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESUS-4JOY2PVC7
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jesus
LOGONSERVER=\\JESUS-4JOY2PVC7
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jesus\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jesus\LOCALS~1\Temp
USERDOMAIN=JESUS-4JOY2PVC7
USERNAME=Jesus
USERPROFILE=C:\Documents and Settings\Jesus
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jesus (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Bazooka Scanner --> "C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"
HiDownload --> "C:\Program Files\StreamingStar\HiDownload\unins000.exe"
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Jesus\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenMG Limited Patch 3.2-03-01-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-01-31-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-02-07-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-07-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\setup.exe" -l0x9 UNINSTALL
Opera 9 --> C:\PROGRA~1\OPERA9~1\uninst\unwise.exe C:\PROGRA~1\OPERA9~1\uninst\install.log
Pepakura Viewer2 --> "C:\Program Files\tamasoftware\pepakuraviewer2\epuninst.exe" /s
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.42 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Saitek SD6 Programming Software 6.0.10.7 --> MsiExec.exe /X{DC6CD4F8-6AF8-4B47-A25A-9D9560D3845E}
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Sheep Friends - Billy 1.03 --> "C:\Program Files\Sheep Friends\Billy\unins000.exe"
Silkroad --> C:\Silkroad\Remove.Exe
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type3121 / Warning
Event Submitted/Written: 08/02/2008 05:11:31 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type3120 / Warning
Event Submitted/Written: 08/02/2008 05:11:21 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type3069 / Error
Event Submitted/Written: 08/01/2008 05:01:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bndfxdh.exe, version 0.0.0.0, faulting module bndfxdh.exe, version 0.0.0.0, fault address 0x00000154.
Processing media-specific event for [bndfxdh.exe!ws!]

Event Record #/Type3062 / Error
Event Submitted/Written: 08/01/2008 11:12:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application bndfxdh.exe, version 0.0.0.0, faulting module bndfxdh.exe, version 0.0.0.0, fault address 0x00000154.
Processing media-specific event for [bndfxdh.exe!ws!]

Event Record #/Type3009 / Error
Event Submitted/Written: 07/27/2008 04:43:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sro_client.exe, version 0.0.0.0, faulting module sro_client.exe, version 0.0.0.0, fault address 0x005c46b3.
Processing media-specific event for [sro_client.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type22020 / Error
Event Submitted/Written: 08/03/2008 10:35:38 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Remote Access Connection Manager service terminated with service-specific error 998 (0x3E6).

Event Record #/Type22018 / Error
Event Submitted/Written: 08/03/2008 10:35:38 AM
Event ID/Source: 20063 / Rasman
Event Description:
Remote Access Connection Manager failed to start because the Point to Point
Protocol failed to initialize. Invalid access to memory location.

Event Record #/Type22017 / Error
Event Submitted/Written: 08/03/2008 10:35:38 AM
Event ID/Source: 20151 / RemoteAccess
Event Description:
The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll returned an
error while initializing. Invalid access to memory location.

Event Record #/Type22016 / Error
Event Submitted/Written: 08/03/2008 10:35:38 AM
Event ID/Source: 20070 / RemoteAccess
Event Description:
Point to Point Protocol engine was unable to load the C:\WINDOWS\System32\rastls.dll module. Invalid access to memory location.

Event Record #/Type22000 / Error
Event Submitted/Written: 08/03/2008 10:35:00 AM / 08/03/2008 10:35:30 AM
Event ID/Source: 9 / iviVD
Event Description:
The device, \Device\Scsi\iviVD1, did not respond within the timeout period.

-- End of Deckard's System Scanner: finished at 2008-08-03 10:41:22 ------------

#17
8cimi

Posted 03 August 2008 - 09:19 AM

Member

Topic Starter
Member
71 posts

Main txt:

Deckard's System Scanner v20071014.68
Run by Jesus on 2008-08-03 10:40:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
6: 2008-08-03 14:37:37 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-08-02 19:47:07 UTC - RP5 - ComboFix created restore point
4: 2008-08-02 19:30:27 UTC - RP4 - ComboFix created restore point
3: 2008-08-02 19:29:29 UTC - RP3 - ComboFix created restore point
2: 2008-08-02 19:27:27 UTC - RP2 - ComboFix created restore point

-- First Restore Point --
1: 2008-08-02 17:11:51 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-03 10:41:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jesus\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jesus\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Jesus\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 3877 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>

S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-08-03 10:35:24 486 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-02 17:07:53 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-02 15:26:46 68096 --a------ C:\WINDOWS\zip.exe
2008-08-02 15:26:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-02 15:26:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-02 15:26:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-02 15:26:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-02 15:26:46 98816 --a------ C:\WINDOWS\sed.exe
2008-08-02 15:26:46 80412 --a------ C:\WINDOWS\grep.exe
2008-08-02 15:26:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-01 02:18:06 0 dr-h----- C:\Documents and Settings\Jesus\Recent
2008-07-31 16:53:46 102 --a------ C:\emsf.bat
2008-07-07 13:47:16 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-07 10:50:58 0 d-------- C:\Program Files\Lavasoft
2008-07-07 10:50:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 10:50:53 0 d-------- C:\Program Files\StreamingStar
2008-07-07 10:47:39 0 d-------- C:\WINDOWS\system32\WinFox
2008-07-07 10:47:39 0 d-------- C:\WINDOWS\system32\WinFast
2008-07-07 10:47:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-07 10:47:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-07 10:47:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-07 10:47:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-07 10:47:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-04 18:43:25 6553600 --a------ C:\Documents and Settings\Jesus\ntuser.dat

-- Find3M Report ---------------------------------------------------------------

2008-08-02 16:30:51 0 d-------- C:\Program Files\Common Files
2008-08-01 01:45:21 0 d-------- C:\Program Files\Bazooka Scanner
2008-07-07 10:50:48 0 d-------- C:\Documents and Settings\Jesus\Application Data\uTorrent
2008-07-07 10:50:00 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-07 10:47:49 0 d-------- C:\Program Files\tamasoftware
2008-07-07 10:47:22 0 d-------- C:\Documents and Settings\Jesus\Application Data\U3
2008-07-07 10:46:50 0 d-------- C:\Program Files\Absolute Poker
2008-07-07 10:46:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-07 10:33:29 0 d-------- C:\Program Files\Apple Software Update
2008-07-07 10:33:28 0 d-------- C:\Program Files\QuickTime
2008-06-28 23:32:27 0 d-------- C:\Documents and Settings\Jesus\Application Data\dvdcss
2008-06-23 17:23:19 0 d-------- C:\Program Files\Widestep Software
2008-06-23 15:30:13 0 d-------- C:\Program Files\Windows Live
2008-06-21 21:44:13 0 d-------- C:\Program Files\DC++
2008-06-10 14:37:34 0 d-------- C:\Program Files\Saitek
2008-06-07 16:06:31 0 d-------- C:\Program Files\Common Files\Apple

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [10/02/2007 10:10 AM]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [10/02/2007 10:10 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/29/2004 04:50 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 06:34 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [08/20/2002 11:29 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/29/2004 04:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c594d57-6061-11dc-8e27-a4c471764370}]
AutoRun\command- LinksysConnectPC.exe

-- End of Deckard's System Scanner: finished at 2008-08-03 10:41:22 ------------

#18
8cimi

Posted 03 August 2008 - 09:32 AM

Member

Topic Starter
Member
71 posts

I havd to click 'Cancel' when it asked me if I wanted to d/l hijackthis or run the clone hijack this, because the program closed if i clicked yes or no, only cancel option worked. ill try again if need be.

#19
Essexboy

Posted 03 August 2008 - 09:33 AM

GeekU Moderator

Retired Staff
69,964 posts

OK it now looks better. I would like you now to go to control panel > Add/Remove and select avast antivirus. If you scroll down on the left you will find a repair option, select that (you will need to be online) Allow the repair and reboot

THEN

Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

c:\sro_client.exe /s
c:\bndfxdh.exe /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
Purity

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Please download ATF Cleaner by Atribune.
This program is for XP, Vista and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you could now let me know what problems you are experiencing after you have completed the above

#20
8cimi

Posted 03 August 2008 - 09:51 AM

Member

Topic Starter
Member
71 posts

ok well, some problems regarding your next set of instructions, under add or remove programs I see no avast program, and second where would OTMoveIt2.exe be located? i looked in the OTscanIT folder on my desktop but I did not see it there.

#21
Essexboy

Posted 03 August 2008 - 09:56 AM

GeekU Moderator

Retired Staff
69,964 posts

OK I saw Avast had been disabled as you will need an AV. I will give the instructions for downloading and installing

As for OTMoveit I missed out one line in the instructions - like download it

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

c:\sro_client.exe /s
c:\bndfxdh.exe /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
Purity
Purity

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Please go HERE and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded, double-click on the file to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe File.
Now you will see the Legal Agreement, just click I agree, and then click Next to continue.

You will be prompted with Configuration window, make sure that you choose Typical configuration and then click Next. Click Next to the windows that will follow, when the installation will finish, you will be given an option to schedule a boot time scan, select No

Now you have to restart your machine, select Restart and then click Finish.

After you restart you will get a message about avast! it will give you the general "Hello and Thank you for choosing our Product." Also after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right click on the a in the taskbar and select Updating, then highlight and click Program.

You will get popup after its done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast! right click the small icon a in task bar and click Start Avast! AntiVirus

Click Program Registration and you will be taken to their website. Fill out the form and then check you e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form) copy and paste the serial they provided into the highlighted box. Then click ok.

After this, you will need to Schedule Boot-Time Scan with avast! Click on the little button placed up in the left corner, and select Schedule Boot-Time Scan. Read also this tutorial HERE it may make it easier to you to follow the steps.

Next, choose

Scan all local disks
scan archive files
click on Schedule

On the next dialog Operating system restart needed select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE since your system has infections on it, avast! will give you dialog box with recommended actions, and options, please make sure if this happens, to click the Move to Chest button, and not to delete any reported files.

The boot log will be located here C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

#22
8cimi

Posted 03 August 2008 - 10:22 AM

Member

Topic Starter
Member
71 posts

Grrr why me ? ><

ok so otmoveit when i click i get the 0x0000005 error

#23
Essexboy

Posted 03 August 2008 - 10:25 AM

GeekU Moderator

Retired Staff
69,964 posts

OK install avast and we will then check your file integrity

#24
8cimi

Posted 03 August 2008 - 11:17 AM

Member

Topic Starter
Member
71 posts

ok so i downlaoded and actualyl got it to install, it went to reboot, and as it was booting a light blue screen came up and i guess it was avast checking the system, the thing is, im not sure if i did somethign wrong (?) ( i should have taken a digi pic) it asked me if i was certain of a file being in a folder, and I had 3 choices hit
1:yes
2:no
3:not sure

and sometimes after i would hit either yes or no, it would ask a list of options to press, delete delte all move move all.
I had no idea what to press, most of the time I pressed delete all...
all in all it finnaly booted up (it finished 2 min ago) and I still get the same 4 error windows when the pc booted up.

and last avast said it had an error trying to update.

#25
8cimi

Posted 03 August 2008 - 11:18 AM

Member

Topic Starter
Member
71 posts

oh and i still cant install OTmoveit

#26
8cimi

Posted 03 August 2008 - 01:17 PM

Member

Topic Starter
Member
71 posts

uhmm.. are you trying to hack me? or trying to give me more problems? avast scan said otscanit was a trojan.

#27
Essexboy

Posted 03 August 2008 - 01:48 PM

GeekU Moderator

Retired Staff
69,964 posts

OTScanit detection is a false positive. Could you locate the boot.txt and post it so I can see what it found

C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

#28
8cimi

Posted 03 August 2008 - 01:50 PM

Member

Topic Starter
Member
71 posts

08/03/2008 12:33
Scan of all local drives

File C:\Documents and Settings\Jesus\Desktop\OTScanIt\catchme.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_\02F15025\49981515\[UPX] is infected by Win32:OnLineGames-BSI [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Documents and Settings\Jesus\Local Settings\Temp\c8.jpg.exe\[UPX] is infected by Win32:Delf-FYH [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Documents and Settings\Jesus\Local Settings\Temp\ck3.jpg.exe\[UPX] is infected by Win32:Delf-EQR [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Documents and Settings\Jesus\Local Settings\Temp\sa.jpg.exe\[UPX] is infected by Win32:Delf-DUO [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Program Files\Internet Explorer\IEXPLORE32.Dat is infected by Win32:Delf-EQR [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Program Files\Internet Explorer\IEXPLORE32.Sys is infected by Win32:Delf-DUO [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Program Files\Internet Explorer\IEXPLORE32.win is infected by Win32:Delf-FYH [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys is infected by Win32:OnLineGames-BSI [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\aliens.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\baccops.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\businesn.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\ccohole.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\cmopes.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\ddserh.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\dearnts.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\esceps.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\hourpx2.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\joause.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\jolinos.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\ksuserfy.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\manleu.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\mttwfh.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\olecli32pt.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\sgdewg.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\tdggrz.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\therbrek.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\tiplict.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\usbmonjx2.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\wcnonpe.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\wdhotem.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\wdhotemk.exe\[UPX] is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\xolehlpjh.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\zlcdps.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\Documents and Settings\Jesus\Desktop\OTScanIt\MovedFiles\08022008_144649\C_WINDOWS\system32\zycdex.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP1\A0000013.dll is infected by Win32:Adware-gen [Adw], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001294.exe is infected by Win32:Trojan-gen {Other}, Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001295.exe\[UPX] is infected by Win32:Delf-FYH [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001296.exe\[UPX] is infected by Win32:Delf-EQR [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001297.exe\[UPX] is infected by Win32:Delf-DUO [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001298.Sys is infected by Win32:Delf-DUO [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001299.Sys is infected by Win32:OnLineGames-BSI [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001300.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001301.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001302.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001303.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001304.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001305.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001306.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001307.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001308.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001309.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001310.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001311.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001312.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001313.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001314.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001315.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001316.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001317.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001318.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001319.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001320.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001321.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001322.exe\[UPX] is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001323.dll is infected by Win32:Nilage-NP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001324.dll is infected by Win32:Agent-ZRP [Trj], Deleted
File C:\System Volume Information\_restore{A848852A-D6E9-400B-A9E1-CCF057D7467F}\RP6\A0001325.dll is infected by Win32:OnLineGames-DQP [Trj], Deleted
File C:\WINDOWS\system32\ascbalo3N.dll is infected by Win32:Adware-gen [Adw], Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Move to chest: Error 0xC0000034 {Object Name not found.}, Deleted
File C:\WINDOWS\system32\ascbalon.dll is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\WINDOWS\system32\ghjsw.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
File C:\WINDOWS\system32\tree.com\[Upack] is infected by Win32:Agent-ZRI [Trj], Moved to chest
File C:\WINDOWS\system32\zxdtye.dll is infected by Win32:Trojan-gen {Other}, Moved to chest
Number of searched folders: 4537
Number of tested files: 44087
Number of infected files: 73

and im sorry (really) if i offended you, its just maybe I am/was getting a little paranoid.

#29
Essexboy

Posted 03 August 2008 - 02:01 PM

GeekU Moderator

Retired Staff
69,964 posts

No offence there as Avast alerted me yesterday that it thought it was a trojan, I am just waiting for it to be updated in the next VPS

The good part though is that we aoppear to have got rid of nearly all the malware, so it is now more of a repair job

Could you now tell me exactly what problems you are still experiencing and I will look for fixes

#30
8cimi

Posted 03 August 2008 - 02:23 PM

Member

Topic Starter
Member
71 posts

im still getting the original 4 error meseges on boot up, and I just found out I can NOT uninstall anything, ive tried using a different program to uninstall and nothing worked.

thats what i can think of off the top of my head, also the appearance of windows is still like windowsxp (task bar is round and blue) instad of liek classic (grey and more symetrical)