Virus & Other Malware Removal
Solved: Annoying problems.



theguz
Member with 4 posts.
THREAD STARTER
Join Date: Oct 2010
07-Oct-2010, 01:44 PM #1
Annoying problems.
Hello there. I have had an annoying problem for several days. My internet connection randomly stops, and when I try to reconnect, I can't. When that happens, explorer starts using 100% of the CPU and I have to kill it from the TM. When I restart it, I can't even click on the icon that starts my network connection. I'm using a PPPoE connection. Also, my explorer randomly goes to 100%. I tried everything: chkdsk.exe, sfc /scannow, etc. Nothing helps. I also tried several anti-adware/spyware programs.

So, here are the logs as you required:

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:36 PM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\nlssrv32.exe
F:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\taskmgr.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Hide Folders XP 2\hfxp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\Datecs\Flex2K.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Opera\Opera.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adventurersbg.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - F:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Music Alarm Clock] F:\PROGRA~1\MUSICA~1\mac.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [Skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [hfxp] "F:\Program Files\Hide Folders XP 2\hfxp.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: FlexType 2K.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10F373C6-E689-4F4C-B38A-4EFF9B557A6C}: NameServer = 213.91.149.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{10F373C6-E689-4F4C-B38A-4EFF9B557A6C}: NameServer = 213.91.149.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - F:\WINDOWS\system32\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - F:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - F:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6026 bytes

DDS.txt log:


DDS (Ver_10-10-05.01) - NTFSx86
Run by ArchiMonDe at 20:50:31.45 on ҐІўєІєЄ 10/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1023.415 [GMT 3:00]


============== Running Processes ===============

F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
F:\WINDOWS\system32\svchost -k rpcss
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\WINDOWS\system32\svchost.exe -k NetworkService
F:\WINDOWS\system32\nlssrv32.exe
F:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
F:\WINDOWS\System32\alg.exe
F:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\taskmgr.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\Hide Folders XP 2\hfxp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\Datecs\Flex2K.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Opera\Opera.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\ArchiMonDe\Desktop\dds.scr
F:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://adventurersbg.info
mWinlogon: Userinit=f:\windows\system32\userinit.exe
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - f:\program files\daemon tools toolbar\DTToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "f:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [hfxp] "f:\program files\hide folders xp 2\hfxp.exe" /s
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "f:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Music Alarm Clock] f:\progra~1\musica~1\mac.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [NvMediaCenter] RUNDLL32.EXE f:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NVMixerTray] "f:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
StartupFolder: f:\docume~1\archim~1\startm~1\programs\startup\stardo~1.lnk - f:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - f:\windows\datecs\Flex2K.exe
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {10F373C6-E689-4F4C-B38A-4EFF9B557A6C} = 213.91.149.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: cryptnet32 - cryptnet32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\wpdshserviceobj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - f:\program files\stardock\object desktop\iconpackager\iprepair.dll

============= SERVICES / DRIVERS ===============

R0 HFXP2;HFXP2;f:\windows\system32\drivers\hfxp2.sys [2010-7-21 17264]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;f:\windows\system32\drivers\nvcchflt.sys [2010-3-1 16640]
R2 nlsX86cc;Nalpeiron Licensing Service;f:\windows\system32\nlssrv32.exe [2010-3-11 63488]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-4-1 1050440]
R2 WinFLdrv;WinFLdrv;f:\windows\system32\WinFLdrv.sys [2010-7-7 17984]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-24 10064]
S2 anxfumek;Center Boot;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S2 kasbuea;Network Windows;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 nazevtlb;Network Image;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 qkbtmakqv;Helper Shell;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 cpuz132;cpuz132;f:\docume~1\archim~1\locals~1\temp\cpuz132\cpuz132_x32.sys [2010-5-8 12672]
S3 hipeer20;Remobo Instant Private Network;f:\windows\system32\drivers\remobo32.sys [2009-4-22 26112]
S3 TAPBIND;TAPBIND;f:\docume~1\archim~1\locals~1\temp\_istmp1.dir\_istmp0.dir\ TAPBIND1.SYS [2010-4-3 44544]

=============== Created Last 30 ================

2010-10-07 15:13:45 -------- d-----w- F:\443
2010-10-07 13:47:57 -------- d-----w- f:\program files\common files\NVIDIA Shared
2010-10-07 13:47:22 176128 ----a-w- f:\windows\system32\nvuaudio.exe
2010-10-07 13:47:08 176128 ------w- f:\windows\system32\nvuide.exe
2010-10-07 13:37:58 -------- d-----w- f:\program files\Driver-Soft
2010-10-07 13:26:46 -------- d-----w- f:\documents and settings\all users\Uniblue
2010-10-07 13:26:37 -------- d-----w- f:\docume~1\archim~1\applic~1\Uniblue
2010-10-04 10:58:27 17152 ----a-w- f:\windows\system32\drivers\IsDrv118.sys
2010-10-04 10:23:16 -------- d-----w- f:\program files\SystemRequirementsLab
2010-10-01 22:53:15 -------- d-----w- f:\docume~1\alluse~1\applic~1\KONAMI
2010-10-01 19:37:01 -------- d-----w- f:\docume~1\archim~1\applic~1\BSplayer PRO
2010-09-30 16:07:35 -------- d-----w- f:\program files\Emsisoft Anti-Malware
2010-09-30 15:39:12 -------- d-----w- f:\program files\Lavasoft
2010-09-29 00:01:12 -------- d-----w- f:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-09-28 23:28:50 887912 ----a-w- f:\windows\system32\nvdispco32.dll
2010-09-28 23:28:50 813672 ----a-w- f:\windows\system32\nvgenco32.dll
2010-09-28 18:34:18 -------- d-----w- f:\program files\DAEMON Tools Toolbar
2010-09-28 18:34:07 -------- d-----w- f:\program files\DAEMON Tools Lite
2010-09-22 18:50:36 -------- d-----w- f:\program files\Alcohol Soft
2010-09-22 15:25:01 -------- d-----w- f:\program files\MMGame
2010-09-19 21:09:50 -------- d-----w- f:\program files\iPod
2010-09-19 21:09:49 -------- d-----w- f:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-19 21:06:56 -------- d-----w- f:\program files\Bonjour
2010-09-13 19:31:53 -------- d-----w- f:\docume~1\alluse~1\applic~1\Awem
2010-09-13 19:31:13 -------- d-----w- f:\program files\ReflexiveArcade
2010-09-13 07:50:31 -------- d-----w- f:\program files\Cradle Of Persia
2010-09-13 04:48:50 -------- d-----w- F:\WRFromDisk

==================== Find3M ====================

2010-10-07 13:33:07 577536 ----a-w- f:\windows\SOUNDMAN.EXE
2010-10-07 13:33:07 4122368 ----a-w- f:\windows\system32\drivers\ALCXWDM.SYS
2010-10-07 13:33:07 217088 ----a-w- f:\windows\Alcrmv.exe
2010-10-07 13:33:07 147456 ----a-w- f:\windows\system32\RTLCPAPI.dll
2010-10-07 13:32:57 10528768 ----a-w- f:\windows\system32\RTLCPL.EXE
2010-10-07 13:32:56 18804736 ----a-w- f:\windows\system32\ALSNDMGR.CPL
2010-09-28 23:48:41 60416 ----a-w- f:\windows\ALCFDRTM.VER
2010-09-11 06:46:00 6358912 ----a-w- f:\windows\system32\nv4_disp.dll.tmp
2010-08-30 14:40:40 98304 ----a-w- f:\windows\system32CmdLineExt.dll
2010-08-21 22:58:39 418480 ----a-w- f:\windows\system32\wrap_oal.dll
2010-08-10 02:15:58 94208 ----a-w- f:\windows\system32\QuickTimeVR.qtx
2010-08-10 02:15:58 69632 ----a-w- f:\windows\system32\QuickTime.qts
2010-07-27 15:44:10 91424 ----a-w- f:\windows\system32\dnssd.dll
2010-07-27 15:44:10 197920 ----a-w- f:\windows\system32\dnssdX.dll
2010-07-27 15:44:10 107808 ----a-w- f:\windows\system32\dns-sd.exe
2010-07-09 22:38:00 604776 ----a-w- f:\windows\system32\nvudisp.exe
2008-03-09 04:25:10 236 ----a-w- f:\program files\common files\dx.reg

============= FINISH: 20:51:08.12 ===============
The Attach file

And the ark.txt log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-07 20:58:54
Windows 5.1.2600 Service Pack 3
Running: wsjnj8s0.exe


---- Services - GMER 1.0.15 ----

Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] anxfumek <-- ROOTKIT !!!
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] kasbuea <-- ROOTKIT !!!
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nazevtlb <-- ROOTKIT !!!
Service F:\WINDOWS\system32\DRIVERS\nvmini.sys (*** hidden *** ) [AUTO] nvmini <-- ROOTKIT !!!
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] qkbtmakqv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@DisplayName Center Boot
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@Description Provides the endpoint mapper and other miscellaneous RPC services.
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@DisplayName Network Windows
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea@Description Manages user-mode driver host processes
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@DisplayName Network Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb@Description Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@ImagePath system32\DRIVERS\nvmini.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@DisplayName NVIDIA Compatible Windows Miniport Driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini@Group Pointer Port
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\nvmini\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@DisplayName Helper Shell
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv@Description Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@ujdew 0x3C 0x75 0x49 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@hdf12 0xC2 0xF3 0x6B 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@p0 F:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001@hdf12 0xD5 0xE6 0x53 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC\00000001\gdq0@hdf12 0x63 0x01 0x77 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@DisplayName Center Boot
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek@Description Provides the endpoint mapper and other miscellaneous RPC services.
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\anxfumek\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@DisplayName Network Windows
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea@Description Manages user-mode driver host processes
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kasbuea\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@DisplayName Network Image
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb@Description Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\nazevtlb\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@ImagePath system32\DRIVERS\nvmini.sys
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@DisplayName NVIDIA Compatible Windows Miniport Driver
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@Tag 7
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini@Group Pointer Port
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\nvmini\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@DisplayName Helper Shell
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv@Description Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\qkbtmakqv\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@ujdew 0x3C 0x75 0x49 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@hdf12 0xE6 0x49 0x49 0x6D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@p0 F:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001@hdf12 0xD5 0xE6 0x53 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001\gdq0@hdf12 0x63 0x01 0x77 0x87 ...

---- Files - GMER 1.0.15 ----

File F:\Documents and Settings\ArchiMonDe\Application Data\Sun\Java\AU 0 bytes
File F:\Documents and Settings\ArchiMonDe\Application Data\Sun\Java\AU\au.cab 576194 bytes
File F:\Documents and Settings\ArchiMonDe\Application Data\Sun\Java\AU\au.msi 183808 bytes
File F:\Documents and Settings\ArchiMonDe\Application Data\systemfl.$dk 990 bytes
File F:\Documents and Settings\ArchiMonDe\Local Settings\Temp\WZSE0.TMP\autorun.inf 29 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot 0 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BITMAP00001.BMP 13972 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BITMAP00002.BMP 580 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BITMAP00003.BMP 1052 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BITMAP00004.BMP 228 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BITMAP00008.BMP 228 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BITMAP00013.BMP 2278 bytes
File F:\Program Files\TGTSoft\StyleXP\Boot\BootPreview.html 244 bytes
File F:\WINDOWS\system32\sys_drv.dat 6024 bytes
File F:\WINDOWS\system32\sys_drv_2.dat 5020 bytes
File F:\WINDOWS\system32\linkinfo.dll 19968 bytes executable
File F:\WINDOWS\system32\WinFLdrv.sys 17984 bytes executable <-- ROOTKIT !!!
File F:\WINDOWS\system32\drivers\nvmini.sys 17152 bytes executable <-- ROOTKIT !!!
File F:\WINDOWS\Resources\Boot 0 bytes
File F:\WINDOWS\Resources\Boot\Code 7.bootskin 59030 bytes
File F:\WINDOWS\Resources\Boot\PirateIII.bootscreen 17027 bytes

---- Services - GMER 1.0.15 ----

Service F:\WINDOWS\system32\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
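The GMER and DDS output above carry one indicator a practitioner would want to pick out mechanically: four services with random-looking names (anxfumek, kasbuea, nazevtlb, qkbtmakqv), each hosted by svchost.exe -k netsvcs, each carrying a description copied from a legitimate Windows service, and all registered with the same ServiceDll (fsbgmohl.dll), plus driver services that GMER reports as hidden. The Python script below is an added triage example, not code from the thread or from the HijackThis, DDS or GMER tools. It parses the three line shapes quoted in the logs (DDS service lines, GMER hidden-service lines and GMER ServiceDll registry lines), correlates them by service name, and flags a service when GMER hid it or when its ServiceDll is shared by other service names. The sample input is excerpted from the logs posted above; the regular expressions and the min_shared threshold are my assumptions about those formats.

```python
r"""Triage helper for the DDS and GMER line formats quoted in the thread.

Added example, not code from the thread or from the DDS/GMER tools.
Line shapes handled (assumed from the logs above):
  DDS "SERVICES / DRIVERS":  S2 name;Display Name;image path [date size]
  GMER hidden services:      Service <image> (*** hidden *** ) [AUTO] name <-- ROOTKIT !!!
  GMER ServiceDll values:    Reg HKLM\...\Services\name\Parameters@ServiceDll <dll path>
A service is flagged when GMER hid it, or when its ServiceDll is registered
under at least `min_shared` different service names.
"""
import re
from collections import defaultdict

# Sample input, excerpted from the DDS log posted above.
DDS_LINES = r"""
R2 nlsX86cc;Nalpeiron Licensing Service;f:\windows\system32\nlssrv32.exe [2010-3-11 63488]
R2 WinFLdrv;WinFLdrv;f:\windows\system32\WinFLdrv.sys [2010-7-7 17984]
S2 anxfumek;Center Boot;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
S2 kasbuea;Network Windows;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 nazevtlb;Network Image;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 qkbtmakqv;Helper Shell;f:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
""".strip().splitlines()

# Sample input, excerpted from the GMER log posted above.
GMER_LINES = r"""
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] anxfumek <-- ROOTKIT !!!
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] kasbuea <-- ROOTKIT !!!
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nazevtlb <-- ROOTKIT !!!
Service F:\WINDOWS\system32\DRIVERS\nvmini.sys (*** hidden *** ) [AUTO] nvmini <-- ROOTKIT !!!
Service F:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] qkbtmakqv <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\anxfumek\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kasbuea\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\nazevtlb\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\qkbtmakqv\Parameters@ServiceDll F:\WINDOWS\system32\fsbgmohl.dll
Service F:\WINDOWS\system32\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!
""".strip().splitlines()

# Assumed patterns for the three line shapes (see module docstring).
DDS_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
HIDDEN_RE = re.compile(r"^Service\s+(.+?)\s+(\(\*\*\* hidden \*\*\* \)\s+)?\[(\w+)\]\s+(\S+)(.*)$")
SVCDLL_RE = re.compile(r"\\Services\\([^\\@]+)\\Parameters@ServiceDll\s+(\S.*?)\s*$", re.IGNORECASE)


def parse_dds(lines):
    """Map service name -> {status, display, image} from DDS service lines."""
    services = {}
    for line in lines:
        m = DDS_RE.match(line)
        if m:
            status, name, display, image = m.groups()
            services[name] = {"status": status, "display": display, "image": image}
    return services


def parse_gmer(lines):
    """Return (hidden: name -> image, service_dlls: name -> dll path) from GMER lines."""
    hidden, service_dlls = {}, {}
    for line in lines:
        m = HIDDEN_RE.match(line)
        if m and (m.group(2) or "ROOTKIT" in m.group(5)):
            hidden[m.group(4)] = m.group(1)  # GMER hid it or tagged it as rootkit
            continue
        m = SVCDLL_RE.search(line)
        if m:
            service_dlls[m.group(1)] = m.group(2)
    return hidden, service_dlls


def triage(dds_lines, gmer_lines, min_shared=2):
    """Correlate both logs; return service name -> list of reasons it was flagged."""
    services = parse_dds(dds_lines)
    hidden, service_dlls = parse_gmer(gmer_lines)
    findings = defaultdict(list)
    for name, image in hidden.items():
        findings[name].append(f"hidden from the service list by GMER (image {image})")
    # One DLL registered under several service names is the pattern in the GMER report.
    by_dll = defaultdict(set)
    for name, dll in service_dlls.items():
        by_dll[dll.lower()].add(name)
    for dll, names in by_dll.items():
        if len(names) >= min_shared:
            for name in sorted(names):
                others = ", ".join(sorted(names - {name}))
                findings[name].append(f"ServiceDll {dll} is shared with {others}")
    # Add DDS context for flagged services that run inside a shared svchost host.
    for name, info in services.items():
        if name in findings and "svchost" in info["image"].lower():
            findings[name].append(f"hosted in svchost ({info['image']}), display name '{info['display']}'")
    return dict(findings)


def main():
    for name, reasons in sorted(triage(DDS_LINES, GMER_LINES).items()):
        print(f"[!] {name}")
        for reason in reasons:
            print(f"    - {reason}")


if __name__ == "__main__":
    main()
```

Run as-is to see the six flagged services; to apply it to another thread's logs, paste the relevant DDS and GMER sections into the two sample lists. The shared-ServiceDll check is deliberately independent of the hidden-service check, so it still fires on a DDS-only log where no rootkit scanner output is available.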
theguz
Member with 4 posts.
THREAD STARTER
 
Join Date: Oct 2010
09-Oct-2010, 03:44 PM #2
Anyone?
theguz
Member with 4 posts.
THREAD STARTER
 
Join Date: Oct 2010
26-Oct-2010, 12:44 PM #3
You guys are slow... sorry for that but it's the truth. I've been waiting for like 3 weeks and still no answer. Thanks for your understanding.
JSntgRvr
Moderator & Malware Removal Specialist with 17,485 posts.
 
Join Date: Jul 2003
Location: Puerto Rico
Experience: Advanced
26-Oct-2010, 02:12 PM #4
Hi, theguz

Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
__________________
Unanswered threads for 5 days will no longer be part of my subscriptions.