
helppppppppppppp please

Discussion in 'Virus & Other Malware Removal' started by chechiarts, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. chechiarts

    chechiarts Thread Starter

    Joined:
    Jun 22, 2007
    Messages:
    74
    well my problem is that for some reason the computer is slow and sometimes the internet browser does not want to display web pages and the antivirus finds some items that it can't delete. I really need help
     
  2. racenutalways

    racenutalways

    Joined:
    Mar 10, 2005
    Messages:
    313
    Hello chechiarts and welcome to TSG, let's run some scans and see what it reports, then we can get busy cleaning any infections you may have.

    • Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    SUPERAntiSpyware Home Edition (free version) - Download - Home Page

    1. Install it and double-click the icon on your desktop to run it.
    2. It will ask if you want to update the program definitions, click Yes.
    3. Under Configuration and Preferences, click the Preferences button.
    4. Click the Scanning Control tab.
    5. Under Scanner Options make sure the following are checked:
        1. Close browsers before scanning
        2. Scan for tracking cookies
        3. Terminate memory threats before quarantining.
        4. Please leave the others unchecked.
        5. Click the Close button to leave the control center screen.
    6. On the main screen, under Scan for Harmful Software click Scan your computer.
    7. On the left check C:\Fixed Drive.
    8. On the right, under Complete Scan, choose Perform Complete Scan.
    9. Click Next to start the scan. Please be patient while it scans your computer.
    10. After the scan is complete a summary box will appear. Click OK.
    11. Make sure everything in the white box has a check next to it, then click Next.
    12. It will quarantine what it found and if it asks if you want to reboot, click Yes.
    13. To retrieve the removal information for me please do the following:
        1. After reboot, double-click the SUPERAntispyware icon on your desktop.
        2. Click Preferences. Click the Statistics/Logs tab.
        3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        4. It will open in your default text editor (such as Notepad/Wordpad).
        5. Please highlight everything in the notepad, then right-click and choose copy.
    14. Click close and close again to exit the program.
    15. Save the log information. If needed (still infected) paste this info along with your HijackThis log.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
     
  3. chechiarts

    chechiarts Thread Starter

    Joined:
    Jun 22, 2007
    Messages:
    74
    well I can't go to the Panda because the browser sometimes does not work, but here are the first 2. oh yeah, my MSN Messenger says something about DNS and key ports

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:13:33 AM, on 8/31/07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {1E94557F-6C8F-40B3-AC84-4167DACFB907} - C:\WINDOWS\System32\pmkhi.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {CC16DBDB-6285-4BF0-8E62-B05F5D40410b} - C:\WINDOWS\system32\dtlfqxdj.dll (file missing)
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    O4 - HKLM\..\Run: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1187885426859
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188325652453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181758753014
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
    O20 - Winlogon Notify:  ° ¸ € -  ° ¸ € (file missing)
    O20 - Winlogon Notify: (ÐØ€ - (ÐØ€ (file missing)
    O20 - Winlogon Notify: 0Øà€ - 0Øà€ (file missing)
    O20 - Winlogon Notify: 8àè€ - 8àè€ (file missing)
    O20 - Winlogon Notify: @èð€ - @èð€ (file missing)
    O20 - Winlogon Notify: h€ - h€ (file missing)
    O20 - Winlogon Notify: instcat - instcat.dll (file missing)
    O20 - Winlogon Notify: p € - p € (file missing)
    O20 - Winlogon Notify: X - X (file missing)
    O20 - Winlogon Notify: `€ - `€ (file missing)
    O20 - Winlogon Notify: ¸`h€ - ¸`h€ (file missing)
    O20 - Winlogon Notify: Àhp€ - Àhp€ (file missing)
    O20 - Winlogon Notify: àˆ€ - àˆ€ (file missing)
    O20 - Winlogon Notify: Èpx€ - Èpx€ (file missing)
    O20 - Winlogon Notify: 𘠀 - 𘠀 (file missing)
    O20 - Winlogon Notify: ˜@H€ - ˜@H€ (file missing)
    O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6314 bytes






    SUPERAntiSpyware Scan Log
    Generated 08/31/2007 at 12:09 PM

    Application Version : 3.6.1000

    Core Rules Database Version : 3297
    Trace Rules Database Version: 1306

    Scan type : Complete Scan
    Total Scan Time : 02:29:21

    Memory items scanned : 353
    Memory threats detected : 0
    Registry items scanned : 4596
    Registry threats detected : 12
    File items scanned : 77860
    File threats detected : 53

    Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{1E94557F-6C8F-40B3-AC84-4167DACFB907}
    HKCR\CLSID\{1E94557F-6C8F-40B3-AC84-4167DACFB907}
    HKCR\CLSID\{1E94557F-6C8F-40B3-AC84-4167DACFB907}\InprocServer32
    HKCR\CLSID\{1E94557F-6C8F-40B3-AC84-4167DACFB907}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\PMKHI.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E94557F-6C8F-40B3-AC84-4167DACFB907}

    Trojan.Backdoor-SVSHost
    HKLM\Software\Classes\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}
    HKCR\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}
    HKCR\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}\InProcServer32
    C:\WINDOWS\SYSTEM32\SVSHOST.DLL
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SysRun
    HKCR\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}

    Adware.Tracking Cookie

    Adware.IPWins
    HKU\.DEFAULT\Software\IpWins
    HKU\S-1-5-18\Software\IpWins

    Trojan.Downloader-Gen/WinPop
    C:\Program Files\WinPop

    Adware.SurfSideKick
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\U10F.BAT

    Trojan.Downloader-Gen/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{EDF73E7B-9223-48F2-B2B8-1E7B3E8987F7}\RP29\A0012505.EXE

    Adware.Jraun/WinEssential
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{EDF73E7B-9223-48F2-B2B8-1E7B3E8987F7}\RP59\A0093636.EXE
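
Added example (not part of the original posts, and not code from HijackThis or SUPERAntiSpyware): a small Python triage that cross-references the CLSIDs in HijackThis entries with the SUPERAntiSpyware detections, so each autostart entry can be reviewed individually instead of being bulk-fixed. The sample lines are copied from the two logs posted above; the function names and the three verdict labels are assumptions of this example.

```python
import re

# Sample input: a subset of lines copied from the two logs in this thread.
HJT_LOG = r"""
O2 - BHO: (no name) - {1E94557F-6C8F-40B3-AC84-4167DACFB907} - C:\WINDOWS\System32\pmkhi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CC16DBDB-6285-4BF0-8E62-B05F5D40410b} - C:\WINDOWS\system32\dtlfqxdj.dll (file missing)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""

SAS_LOG = r"""
Trojan.WinFixer
HKLM\Software\Classes\CLSID\{1E94557F-6C8F-40B3-AC84-4167DACFB907}
C:\WINDOWS\SYSTEM32\PMKHI.DLL

Trojan.Backdoor-SVSHost
HKLM\Software\Classes\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}
C:\WINDOWS\SYSTEM32\SVSHOST.DLL

Adware.IPWins
HKU\.DEFAULT\Software\IpWins
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
HJT_LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O2 - BHO: ..."
TRACE_RE = re.compile(r"^(?:HK[A-Z_]+\\|[A-Za-z]:\\)")    # registry key or file path


def parse_hjt(log):
    """Return one dict per HijackThis entry line (section code, text, CLSID, orphan flag)."""
    entries = []
    for line in log.splitlines():
        m = HJT_LINE_RE.match(line.strip())
        if not m:
            continue  # header lines and the running-process list are skipped
        code, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        entries.append({
            "code": code,
            "text": rest,
            # CLSIDs are case-insensitive; normalise so the two logs compare equal.
            "clsid": clsid.group(0).upper() if clsid else None,
            # HijackThis marks entries whose target file it could not find.
            "orphaned": rest.endswith(("(file missing)", "(no file)")),
        })
    return entries


def parse_sas(log):
    """Return {detection name: [trace lines]} from a SUPERAntiSpyware scan log."""
    detections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if not line:
            current = None
        elif TRACE_RE.match(line):
            if current is not None:
                detections.setdefault(current, []).append(line)
        else:
            current = line  # a non-trace line names the detection that follows
    return detections


def correlate(hjt_entries, detections):
    """Attach scanner detections to HijackThis entries that share a CLSID."""
    by_clsid = {}
    for name, traces in detections.items():
        for trace in traces:
            for clsid in CLSID_RE.findall(trace):
                by_clsid.setdefault(clsid.upper(), set()).add(name)

    report = []
    for entry in hjt_entries:
        names = sorted(by_clsid.get(entry["clsid"], ())) if entry["clsid"] else []
        if names:
            verdict = "detected"   # also flagged by the scanner
        elif entry["orphaned"]:
            verdict = "orphaned"   # registry entry pointing at a missing file
        else:
            verdict = "present"    # file exists; still needs a human review
        report.append({**entry, "detections": names, "verdict": verdict})
    return report


if __name__ == "__main__":
    for row in correlate(parse_hjt(HJT_LOG), parse_sas(SAS_LOG)):
        print(f'{row["code"]:<4} {row["verdict"]:<9} {row["clsid"] or "-":<40} '
              f'{", ".join(row["detections"]) or "-"}')
```

A "present" verdict only means the entry is neither orphaned nor matched by CLSID in the second log; it is not a statement that the file is benign.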
     
  4. racenutalways

    racenutalways

    Joined:
    Mar 10, 2005
    Messages:
    313
    Panda only works with Internet Explorer.

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
     
  5. chechiarts

    chechiarts Thread Starter

    Joined:
    Jun 22, 2007
    Messages:
    74
    Deckard's System Scanner v20070826.66
    Run by Owner on 2007-09-01 15:26:48
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2007-09-01 22:27:25 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 126 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 bdftdif - c:\program files\common files\bitdefender\bitdefender firewall\bdftdif.sys <Not Verified; BitDefender SRL; BitDefender 11>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; SOFTWIN srl.; BitDefender>
    R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
    S2 FILESpy - c:\program files\softwin\bitdefender9\filespy.sys (file missing)
    S2 REGSpy - c:\program files\softwin\bitdefender9\regspy.sys (file missing)
    S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
    S3 nocashio - c:\windows\system32\drivers\nocashio.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 DomainService - c:\windows\system32\yqkcwcur.exe /service (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-01 15:05:40 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2007-08-01 and 2007-09-01 -----------------------------

    2007-08-31 12:51:35 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-08-31 09:56:59 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
    2007-08-31 09:27:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2007-08-31 09:24:46 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-31 09:24:43 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\SUPERAntiSpyware.com
    2007-08-31 09:22:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-31 09:11:31 0 d-------- C:\Program Files\Trend Micro
    2007-08-27 16:21:48 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Tibia
    2007-08-27 16:19:28 0 d-------- C:\Program Files\Tibia
    2007-08-26 20:29:26 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Bitdefender
    2007-08-26 20:26:29 0 d-------- C:\Program Files\BitDefender
    2007-08-26 20:26:29 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
    2007-08-26 20:19:40 0 d-------- C:\Program Files\Common Files\BitDefender
    2007-08-23 15:14:44 92160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
    2007-08-23 15:14:40 0 d-------- C:\Program Files\MagicDisc
    2007-08-23 14:24:11 0 d-------- C:\Program Files\VVSN
    2007-08-23 13:51:56 96256 --a------ C:\WINDOWS\system32\drivers\sptd8173.sys
    2007-08-23 13:51:56 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-22 16:00:26 0 d-------- C:\95bc5e5b3fa5a4757e21f9b1b463
    2007-08-19 13:53:11 0 d-------- C:\Program Files\Reality Pump
    2007-08-17 21:41:07 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
    2007-08-14 09:56:38 0 d-------- C:\ConverterOutput
    2007-08-13 15:46:21 0 d-------- C:\Program Files\AVTJet Studio
    2007-08-13 14:46:45 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2007-08-13 14:46:45 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2007-08-13 14:46:44 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2007-08-13 14:46:44 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2007-08-13 14:46:40 0 d-------- C:\Program Files\Cucusoft
    2007-08-04 15:28:16 0 d-------- C:\NDSSAVE
    2007-08-04 15:25:30 0 d-------- C:\Program Files\M3 GAME Manager
    2007-08-03 09:51:04 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
    2007-08-01 17:31:09 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Help


    -- Find3M Report ---------------------------------------------------------------

    2007-08-31 09:22:17 0 d-------- C:\Program Files\Common Files
    2007-08-30 19:51:05 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\uTorrent
    2007-08-28 18:04:59 0 d-------- C:\Program Files\eMule
    2007-08-26 21:28:14 0 d-------- C:\Program Files\GameSpy Arcade
    2007-08-26 20:57:45 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-08-24 23:49:40 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\LimeWire
    2007-08-23 16:52:21 0 d-------- C:\Program Files\Deskshare
    2007-08-23 14:54:26 0 d-------- C:\Program Files\DAEMON Tools
    2007-08-16 13:16:23 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-03 09:59:15 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\UseNeXT
    2007-07-23 04:32:30 0 d-------- C:\Program Files\DOSBox-0.65
    2007-07-23 04:18:50 0 d-------- C:\Program Files\Loonies
    2007-07-20 15:54:30 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; Softwin; Softwin BitDefender Communicator>
    2007-07-18 23:34:12 169472 --a------ C:\ReinMoonMakeIcon.exe
    2007-07-08 13:10:23 0 d-------- C:\Program Files\MSN Messenger
    2007-06-26 14:33:28 2798 --ah----- C:\WINDOWS\system32\klog.dat
    2007-06-26 11:41:32 2232320 --a------ C:\Program Files\Tibia.exe <Not Verified; CipSoft GmbH; Tibia Player>
    2007-06-24 12:33:10 56 -r-hs---- C:\WINDOWS\system32\C080412B15.sys
    2007-06-16 15:20:23 14 --a------ C:\WINDOWS\system32\getfile.dat
    2007-06-14 15:56:01 3286 --a------ C:\WINDOWS\mozver.dat
    2007-06-13 18:17:47 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-13 18:16:25 99965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2007-06-13 13:29:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-13 11:38:05 2 --a------ C:\611686717
    2007-06-13 06:21:26 62 --ahs---- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\desktop.ini
    2007-06-08 15:52:22 88379 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC16DBDB-6285-4BF0-8E62-B05F5D40410b}]
    C:\WINDOWS\system32\dtlfqxdj.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDSwitchAgent"="C:\Program Files\Softwin\BitDefender9\bdswitch.exe" []
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/06 08:20 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43 AM]
    "SMSERIAL"="sm56hlpr.exe" [06/19/03 09:49 AM C:\WINDOWS\sm56hlpr.exe]
    "PC Booster"="C:\Program Files\inKline Global\PC Booster\PCBooster.exe" [06/26/02 01:10 PM]
    "Microsoft Setup Initialization"="rundll32.exe" [08/04/04 12:56 AM C:\WINDOWS\system32\rundll32.exe]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/04 10:31 PM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/04 10:31 PM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/04 10:32 PM]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/04 04:03 AM]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/16/04 04:03 AM]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [08/07/07 07:19 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/04 12:56 AM]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/07 11:39 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsoft Setup Initialization"=rundll32.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [8/23/07 3:14:43 PM]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/99 3:05:56 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 12:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°¸€]
    °¸€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/07 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\(ÐØ€]
    (ÐØ€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\0Øà€]
    0Øà€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\8àè€]
    8àè€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\@èð€]
    @èð€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h€]
    h€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat]
    instcat.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\p €]
    p €

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\X]
    X

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\`€]
    `€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\¸`h€]
    ¸`h€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Àhp€]
    Àhp€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\àˆ€]
    àˆ€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Èpx€]
    Èpx€

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\𘠀]
    𘠀

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\˜@H€]
    ˜@H€

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx scan


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44786BE0-68AC-AD0F-F0FC-DEE2D9062794}]
    C:\WINDOWS\system32\System\tmpwin.exe s

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
    C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Microsoft\cfgmgr.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE7F324C-E742-BF9B-37E5-A16FD8856B2C}]
    C:\WINDOWS\system32\drincdn.dll.exe s



    -- End of Deckard's System Scanner: finished at 2007-09-01 15:34:25 ------------
     
  6. chechiarts

    Deckard's System Scanner v20070826.66
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 1.80GHz
    Percentage of Memory in Use: 77%
    Physical Memory (total/avail): 125.98 MiB / 28.64 MiB
    Pagefile Memory (total/avail): 402.38 MiB / 80.59 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1968.31 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 76.68 GiB total, 29.85 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is disabled.

    AntiVirusDisableNotify is set.
    UpdatesDisableNotify is set.
    AntivirusOverride is set.

    FW: Bitdefender Firewall v8.0 (BitDefender)
    AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\WINDOWS\\system32\\yqkcwcur.exe"="C:\\WINDOWS\\system32\\yqk"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=CHECHIAR-FF6NDH
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner.CHECHIAR-FF6NDH
    LOGONSERVER=\\CHECHIAR-FF6NDH
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0207
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\OWNER~1.CHE\LOCALS~1\Temp
    TMP=C:\DOCUME~1\OWNER~1.CHE\LOCALS~1\Temp
    USERDOMAIN=CHECHIAR-FF6NDH
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner.CHECHIAR-FF6NDH
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Owner.CHECHIAR-FF6NDH (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    BitDefender Total Security 2008 --> MsiExec.exe /I{0F25993F-A294-4F9B-B794-E30EBBF7F86A}
    Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
    DOSShell 1.4 --> C:\Program Files\Loonies\DOSShell\uninst.exe
    Earth 2150 - Lost Souls --> C:\PROGRA~1\REALIT~1\LOSTSO~1\UNWISE.EXE C:\PROGRA~1\REALIT~1\LOSTSO~1\INSTALL.LOG
    eMule --> "C:\Program Files\eMule\Uninstall.exe"
    Free Internet TV v6.2 --> "C:\Program Files\Free Internet TV\unins000.exe"
    GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LimeWire PRO 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
    M3 GAME Manager Uninstall --> C:\Program Files\M3 GAME Manager\Uninstall.exe
    MagicDisc 2.5.77 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
    MAX DS Video Converter --> "C:\Program Files\Datel\MAX DS Video Converter\unins000.exe"
    Media Converter SA Edition --> "C:\Program Files\Media Converter SA Edition\uninstall.exe"
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
    RPG Maker 2003 v1.04 --> "C:\Program Files\rpg2003\unins000.exe"
    RPG Maker XP - Postality Knights Edition ENHANCED --> MsiExec.exe /I{6F45C51F-A0E8-4547-83C8-CCDD4B0E4877}
    RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
    Screen Movie Studio --> C:\PROGRA~1\SCREEN~1\UNWISE.EXE C:\PROGRA~1\SCREEN~1\INSTALL.LOG
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Tibia --> "C:\Program Files\Tibia\unins000.exe"
    UseNeXT --> "C:\Program Files\UseNeXT\unins000.exe"
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2017 / Error
    Event Submitted/Written: 09/01/2007 03:31:05 PM
    Event ID/Source: 8 / crypt32
    Event Description:
    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

    Event Record #/Type2016 / Error
    Event Submitted/Written: 09/01/2007 03:31:04 PM
    Event ID/Source: 8 / crypt32
    Event Description:
    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

    Event Record #/Type2014 / Warning
    Event Submitted/Written: 09/01/2007 03:02:42 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel parameter not located in registry;
    Default trace level used is 32.

    Event Record #/Type2013 / Warning
    Event Submitted/Written: 09/01/2007 03:02:42 PM
    Event ID/Source: 1003 / EvntAgnt
    Event Description:
    TraceFileName parameter not located in registry;
    Default trace file used is .

    Event Record #/Type2011 / Warning
    Event Submitted/Written: 09/01/2007 02:02:07 PM
    Event ID/Source: 1015 / EvntAgnt
    Event Description:
    TraceLevel parameter not located in registry;
    Default trace level used is 32.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type13829 / Error
    Event Submitted/Written: 09/01/2007 03:19:07 PM
    Event ID/Source: 1000 / Dhcp
    Event Description:
    Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 00096B5570BF.

    Event Record #/Type13828 / Warning
    Event Submitted/Written: 09/01/2007 03:19:07 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 00096B5570BF. The following
    error occurred:
    %%121.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type13827 / Error
    Event Submitted/Written: 09/01/2007 03:10:33 PM
    Event ID/Source: 32003 / ipnathlp
    Event Description:
    The Network Address Translator (NAT) was unable to request an operation
    of the kernel-mode translation module.
    This may indicate misconfiguration, insufficient resources, or
    an internal error.
    The data is the error code.

    Event Record #/Type13826 / Error
    Event Submitted/Written: 09/01/2007 03:10:30 PM
    Event ID/Source: 1000 / Dhcp
    Event Description:
    Your computer has lost the lease to its IP address 192.168.100.11 on the
    Network Card with network address 00096B5570BF.

    Event Record #/Type13825 / Warning
    Event Submitted/Written: 09/01/2007 03:10:30 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 00096B5570BF. The following
    error occurred:
    %%121.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.



    -- End of Deckard's System Scanner: finished at 2007-09-01 15:34:25 ------------
     
  7. chechiarts

    when i want to repair the connection i won't do it it say can complete the repair i can come to this
    with luck because sometimes doesn't want to display any pages
     
  8. chechiarts

    i don't understand this: Save it to your desktop.
    Please double-click OTMoveIt.exe to run it.
    Copy the file paths below to the clipboard by highlighting ALL of them and
    pressing CTRL + C (or, after highlighting, right-click and choose copy):


    where are the paths that you say below clipboard where that

    and i receive the reply on my email i don't see it here can you repost the paths that you say
     
  9. racenutalways

    A little confusion here, you received my reply, yet I don't see it posted??

    When you click on the OTMoveIt link a pop up shows up asking you where to save the download, click on "Desktop"
    Once you download the file to your desktop, you will have a new icon, double click on OTMoveIt.exe icon.
    Drag your mouse over the paths while holding your left mouse button to highlight the text, then right click to copy the text. Right mouse button is then used to paste the text.

    This is the file I want deleted: C:\WINDOWS\system32\klog.dat

    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\klog.dat
      C:\WINDOWS\System32\svshost.dll


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    *If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
    **If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")


    Click "Exit" to close OTMoveIt.

    Submit Samples:

    You have a file/s of interest to us. It would help the detection rates of the tools we use by getting hold of samples of these infections.

    Please download File Submitter by Grinler. I suggest you save the file where it is easy to locate i.e. the root of the drive (C:\submitter.exe).

    Create a right-click option:

    1. Navigate to this folder in Windows Explorer: C:\Documents and Settings\username\SendTo
    2. Right-click inside the folder and select New > Shortcut.
    3. Enter the location of the item: C:\submitter.exe (or wherever you saved it)
    4. Name the shortcut: Submit Malware
    5. Then select Finish.

    Configure the tool:

    Note to helper - this depends on your preferences!

    1. Navigate to the tool in Windows Explorer: C:\submitter.exe (or wherever you saved it)
    2. Double-click the file to open it.
    3. Then put a check in these boxes:

    Jotti
    VirusTotal
    Advanced
    BleepingComputer.com


    4. Then click Save and OK the confirmation window.
    5. Then click Exit to close the tool.

    Upload Samples:

    1. Locate this file/s in Windows Explorer:

    C:\WINDOWS\system32\C080412B15.sys!

    2. For each file you need to right-click and select Send To > Submit Malware (or whatever you named the shortcut)
    3. Copy/paste the results of the scans in your next reply. You should have two results for each file scanned.

    Go to Start > Run
    Type: regedit Click OK.
    On the left side, click to highlight My Computer at the top.
    Go up to "File > Export". Make sure in that window there is a tick next to "All" under Export Branch.
    Leave the "Save As Type" as "Registration Files".
    Under "Filename" put backup.

    Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
    Click save and then go to File > Exit.
    This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

    Open Notepad, and copy everything inside the code box below (Starting with REGEDIT4) and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixit.reg on your Desktop. Make sure there is NO blank line above REGEDIT4


    Locate fixit.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {1E94557F-6C8F-40B3-AC84-4167DACFB907} - C:\WINDOWS\System32\pmkhi.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {CC16DBDB-6285-4BF0-8E62-B05F5D40410b} - C:\WINDOWS\system32\dtlfqxdj.dll (file missing)
    O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    Run HJT again and post those results in your next reply.
     
  10. chechiarts

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:10:59 AM, on 9/3/07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    O4 - HKLM\..\Run: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1187885426859
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188325652453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181758753014
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
    O20 - Winlogon Notify:  ° ¸ € -  ° ¸ € (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: 𘠀 - 𘠀 (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5492 bytes




    O2 - BHO: (no name) - {1E94557F-6C8F-40B3-AC84-4167DACFB907} - C:\WINDOWS\System32\pmkhi.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {CC16DBDB-6285-4BF0-8E62-B05F5D40410b} - C:\WINDOWS\system32\dtlfqxdj.dll (file missing)
    O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll (file missing)



    well the files that you tell me to check are not there see and the other file that you told me to send to was not found i didn't see it was not there what now



    see below one of the files was not found this is from move it


    C:\WINDOWS\system32\klog.dat moved successfully.
    File/Folder C:\WINDOWS\System32\svshost.dll not found.

    Created on 09/03/2007 09:46:43
     
  11. racenutalways

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
    O20 - Winlogon Notify:  ° ¸ € -  ° ¸ € (file missing)
    O20 - Winlogon Notify: 𘠀 - 𘠀 (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    To enable the viewing of Hidden files follow these steps:

    1. Close all programs so that you are at your desktop.
    2. Double-click on the My Computer icon.
    3. Select the Tools menu and click Folder Options.
    4. After the new window appears select the View tab.
    5. Put a checkmark in the checkbox labeled Display the contents of system folders.
    6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
    9. Press the Apply button and then the OK button and shutdown My Computer.
    10. Now your computer is configured to show all hidden files.

    Submit Samples:

    You have a file/s of interest to us. It would help the detection rates of the tools we use by getting hold of samples of these infections.

    Please download File Submitter by Grinler. I suggest you save the file where it is easy to locate i.e. the root of the drive (C:\submitter.exe).

    Create a right-click option:

    1. Navigate to this folder in Windows Explorer: C:\Documents and Settings\username\SendTo
    2. Right-click inside the folder and select New > Shortcut.
    3. Enter the location of the item: C:\submitter.exe (or wherever you saved it)
    4. Name the shortcut: Submit Malware
    5. Then select Finish.

    Configure the tool:

    Note to helper - this depends on your preferences!

    1. Navigate to the tool in Windows Explorer: C:\submitter.exe (or wherever you saved it)
    2. Double-click the file to open it.
    3. Then put a check in these boxes:

    Jotti
    VirusTotal
    Advanced
    BleepingComputer.com


    4. Then click Save and OK the confirmation window.
    5. Then click Exit to close the tool.

    Upload Samples:

    1. Locate this file/s in Windows Explorer:

    C:\WINDOWS\system32\C080412B15.sys

    2. Right-click and select Send To > Submit Malware (or whatever you named the shortcut)
    3. Copy/paste the results of the scans in your next reply.

    Run DSS again and post those results in your next reply, also, let me know how your PC is running.
    Try Panda again and see if it runs now.
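
The manual check done across posts 9 to 11 (pick out the HijackThis entries marked "(file missing)" or "(no file)", fix them, rescan, and see what is left), as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical, the log lines are copied from the posts above, and the non-ASCII name flag is a heuristic assumed for this example.

```python
import re
from dataclasses import dataclass

# Markers HijackThis appends when a registry entry points at a file that is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# "O2 - BHO: <body>", "O4 - HKLM\..\Run: <body>", "O20 - Winlogon Notify: <body>", ...
LINE_RE = re.compile(r"^\s*(?P<code>O\d+) - (?P<label>[^:]+): (?P<body>.+?)\s*$")

# Fix list from post 9 (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {1E94557F-6C8F-40B3-AC84-4167DACFB907} - C:\WINDOWS\System32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CC16DBDB-6285-4BF0-8E62-B05F5D40410b} - C:\WINDOWS\system32\dtlfqxdj.dll (file missing)
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\System32\svshost.dll (file missing)
"""

# Excerpt of the follow-up scan in post 10 (copied from the thread).
RESCAN = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
"""


@dataclass(frozen=True)
class Entry:
    code: str       # HijackThis section, e.g. "O2"
    label: str      # e.g. "BHO", "Winlogon Notify"
    name: str       # first field of the entry
    target: str     # last field (file path or CLSID), "" if the entry has one field
    orphaned: bool  # True when the line carried an orphan marker
    key: tuple      # identity used to match the same entry across two scans
    raw: str

    @property
    def odd_name(self):
        # Heuristic (assumption of this example): names that are not plain
        # printable ASCII, like the damaged Winlogon Notify keys in the log.
        return not (self.name.isascii() and self.name.isprintable())


def parse(log_text):
    """Return one Entry per O-section line; headers and other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m["body"]
        orphaned = body.endswith(ORPHAN_MARKERS)
        for marker in ORPHAN_MARKERS:
            if body.endswith(marker):
                body = body[: -len(marker)].rstrip(" -")
        fields = [f.strip() for f in body.split(" - ")]
        target = fields[-1] if len(fields) > 1 else ""
        entries.append(Entry(m["code"], m["label"].strip(), fields[0], target,
                             orphaned, (m["code"], body.lower()), raw.strip()))
    return entries


def orphans(log_text):
    """Entries whose referenced file is reported as absent."""
    return [e for e in parse(log_text) if e.orphaned]


def compare(fix_list_text, rescan_text):
    """Return (entries from the fix list still present, orphans not yet on the list)."""
    requested = {e.key for e in parse(fix_list_text)}
    rescan = parse(rescan_text)
    remaining = [e for e in rescan if e.key in requested]
    new = [e for e in rescan if e.orphaned and e.key not in requested]
    return remaining, new


if __name__ == "__main__":
    remaining, new = compare(FIX_LIST, RESCAN)
    print("still present after fix:", [e.raw for e in remaining])
    for e in new:
        note = " (name is not printable ASCII)" if e.odd_name else ""
        print("orphan to review:", e.raw + note)
```

Entries that are flagged but whose file exists, or that belong to installed software, still need a person to judge them; the script only reproduces the "referenced file is gone" filter.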
     
  12. chechiarts

    File C080412B15.sys received on 09.03.2007 20:54:48 (CET)
    Result: 0/32 (0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2007.9.1.0 2007.09.03 -
    AntiVir 7.4.1.66 2007.09.03 -
    Authentium 4.93.8 2007.09.02 -
    Avast 4.7.1029.0 2007.09.03 -
    AVG 7.5.0.485 2007.09.03 -
    BitDefender 7.2 2007.09.03 -
    CAT-QuickHeal 9.00 2007.09.03 -
    ClamAV 0.91.2 2007.09.03 -
    DrWeb 4.33 2007.09.03 -
    eSafe 7.0.15.0 2007.09.03 -
    eTrust-Vet 31.1.5105 2007.09.03 -
    Ewido 4.0 2007.09.03 -
    FileAdvisor 1 2007.09.03 -
    Fortinet 3.11.0.0 2007.09.03 -
    F-Prot 4.3.2.48 2007.09.02 -
    F-Secure 6.70.13030.0 2007.09.03 -
    Ikarus T3.1.1.12 2007.09.03 -
    Kaspersky 4.0.2.24 2007.09.03 -
    McAfee 5111 2007.09.03 -
    Microsoft 1.2803 2007.09.03 -
    NOD32v2 2500 2007.09.03 -
    Norman 5.80.02 2007.09.03 -
    Panda 9.0.0.4 2007.09.03 -
    Prevx1 V2 2007.09.03 -
    Rising 19.39.02.00 2007.09.03 -
    Sophos 4.21.0 2007.09.03 -
    Sunbelt 2.2.907.0 2007.08.31 -
    Symantec 10 2007.09.03 -
    TheHacker 6.1.9.175 2007.09.02 -
    VBA32 3.12.2.3 2007.09.03 -
    VirusBuster 4.3.26:9 2007.09.03 -
    Webwasher-Gateway 6.0.1 2007.09.03 -
    Additional information
    File size: 56 bytes
    MD5: 897b24a5846387c68273b900bd44bc03
    SHA1: 54665cc282f7e3d4ff23f130054980b8ebc2891a


    ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.









    Malware Submission
    Your file was successfully submitted. Please let the user helping you know that you have submitted the file.







    File: C080412B15.sys
    Status: OK
    MD5: 897b24a5846387c68273b900bd44bc03
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 03 Sep 2007 18:54:44 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing





    Last file scanned at least one scanner reported something about: Keygen.EXE (MD5: 7da0efaccaa4368a412bffc643e3e018, size: 16849 bytes), detected by:

    Scanner Malware name
    A-Squared X
    AntiVir X
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    CPsecure X
    Dr.Web X
    F-Prot Antivirus X
    F-Secure Anti-Virus W32/Darkgain.A
    Fortinet PossibleThreat
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control Suspicious_F.gen
    Panda Antivirus X
    Rising Antivirus X
    Sophos Antivirus Mal/Packer
    VirusBuster X
    VBA32 X


    You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
    We are not affiliated with any third parties that conduct tests using this service.





    Deckard's System Scanner v20070826.66
    Run by Owner on 2007-09-03 15:04:44
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 80% (more than 75%).
    Total Physical Memory: 126 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:08 PM, on 9/3/07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    O4 - HKLM\..\Run: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1187885426859
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188325652453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181758753014
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
    O20 - Winlogon Notify:  ° ¸ € -  ° ¸ € (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: 𘠀 - 𘠀 (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5491 bytes

    -- Files created between 2007-08-03 and 2007-09-03 -----------------------------

    2007-09-03 10:04:59 65816790 --a------ C:\backup.reg
    2007-09-03 09:48:58 102400 --a------ C:\submitter.exe <SUBMIT~1.EXE> <Not Verified; BleepingComputer.com; File Submitter>
    2007-09-02 10:44:10 0 d-------- C:\WINDOWS\system32\XPSViewer
    2007-09-01 22:59:38 0 d-------- C:\Program Files\MSXML 6.0
    2007-09-01 22:12:53 0 d-------- C:\7bd3b72d1abe5df186b07f93
    2007-09-01 22:04:50 0 d-------- C:\9b5d083c6937185911690a36
    2007-08-31 12:51:35 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-08-31 09:56:59 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
    2007-08-31 09:27:30 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
    2007-08-31 09:24:46 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-31 09:24:43 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\SUPERAntiSpyware.com
    2007-08-31 09:22:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-31 09:11:31 0 d-------- C:\Program Files\Trend Micro
    2007-08-27 16:21:48 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Tibia
    2007-08-27 16:19:28 0 d-------- C:\Program Files\Tibia
    2007-08-26 20:29:26 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Bitdefender
    2007-08-26 20:26:29 0 d-------- C:\Program Files\BitDefender
    2007-08-26 20:26:29 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
    2007-08-26 20:19:40 0 d-------- C:\Program Files\Common Files\BitDefender
    2007-08-23 15:14:44 92160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
    2007-08-23 15:14:40 0 d-------- C:\Program Files\MagicDisc
    2007-08-23 14:24:11 0 d-------- C:\Program Files\VVSN
    2007-08-23 13:51:56 96256 --a------ C:\WINDOWS\system32\drivers\sptd8173.sys
    2007-08-23 13:51:56 642560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-22 16:00:26 0 d-------- C:\95bc5e5b3fa5a4757e21f9b1b463
    2007-08-19 13:53:11 0 d-------- C:\Program Files\Reality Pump
    2007-08-17 21:41:07 4096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
    2007-08-14 09:56:38 0 d-------- C:\ConverterOutput
    2007-08-13 15:46:21 0 d-------- C:\Program Files\AVTJet Studio
    2007-08-13 14:46:45 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2007-08-13 14:46:45 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2007-08-13 14:46:44 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2007-08-13 14:46:44 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2007-08-13 14:46:40 0 d-------- C:\Program Files\Cucusoft
    2007-08-04 15:28:16 0 d-------- C:\NDSSAVE
    2007-08-04 15:25:30 0 d-------- C:\Program Files\M3 GAME Manager
    2007-08-03 09:51:04 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


    -- Find3M Report ---------------------------------------------------------------

    2007-09-02 21:45:39 0 d-------- C:\Program Files\GameSpy Arcade
    2007-08-31 09:22:17 0 d-------- C:\Program Files\Common Files
    2007-08-30 19:51:05 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\uTorrent
    2007-08-28 18:04:59 0 d-------- C:\Program Files\eMule
    2007-08-26 20:57:45 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-08-24 23:49:40 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\LimeWire
    2007-08-23 16:52:21 0 d-------- C:\Program Files\Deskshare
    2007-08-23 14:54:26 0 d-------- C:\Program Files\DAEMON Tools
    2007-08-16 13:16:23 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2007-08-03 09:59:15 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\UseNeXT
    2007-08-01 17:31:09 0 d-------- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Help
    2007-07-23 04:32:30 0 d-------- C:\Program Files\DOSBox-0.65
    2007-07-23 04:18:50 0 d-------- C:\Program Files\Loonies
    2007-07-20 15:54:30 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; Softwin; Softwin BitDefender Communicator>
    2007-07-18 23:34:12 169472 --a------ C:\ReinMoonMakeIcon.exe
    2007-07-08 13:10:23 0 d-------- C:\Program Files\MSN Messenger
    2007-06-26 11:41:32 2232320 --a------ C:\Program Files\Tibia.exe <Not Verified; CipSoft GmbH; Tibia Player>
    2007-06-24 12:33:10 56 -r-hs---- C:\WINDOWS\system32\C080412B15.sys
    2007-06-16 15:20:23 14 --a------ C:\WINDOWS\system32\getfile.dat
    2007-06-14 15:56:01 3286 --a------ C:\WINDOWS\mozver.dat
    2007-06-13 18:17:47 0 --a------ C:\WINDOWS\nsreg.dat
    2007-06-13 18:16:25 99965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2007-06-13 13:29:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-06-13 11:38:05 2 --a------ C:\611686717
    2007-06-13 06:21:26 62 --ahs---- C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\desktop.ini
    2007-06-08 15:52:22 88379 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDSwitchAgent"="C:\Program Files\Softwin\BitDefender9\bdswitch.exe" []
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/06 08:20 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43 AM]
    "SMSERIAL"="sm56hlpr.exe" [06/19/03 09:49 AM C:\WINDOWS\sm56hlpr.exe]
    "PC Booster"="C:\Program Files\inKline Global\PC Booster\PCBooster.exe" [06/26/02 01:10 PM]
    "Microsoft Setup Initialization"="rundll32.exe" [08/04/04 12:56 AM C:\WINDOWS\system32\rundll32.exe]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/04 10:31 PM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/04 10:31 PM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/04 10:32 PM]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/04 04:03 AM]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/16/04 04:03 AM]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [08/07/07 07:19 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/04 12:56 AM]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/07 11:39 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsoft Setup Initialization"=rundll32.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Start Menu\Programs\Startup\
    MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [8/23/07 3:14:43 PM]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/99 3:05:56 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 12:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/07 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx scan


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44786BE0-68AC-AD0F-F0FC-DEE2D9062794}]
    C:\WINDOWS\system32\System\tmpwin.exe s

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
    C:\Documents and Settings\Owner.CHECHIAR-FF6NDH\Application Data\Microsoft\cfgmgr.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CE7F324C-E742-BF9B-37E5-A16FD8856B2C}]
    C:\WINDOWS\system32\drincdn.dll.exe s



    -- End of Deckard's System Scanner: finished at 2007-09-03 15:06:54 ------------
     
  13. racenutalways

    racenutalways

    Joined:
    Mar 10, 2005
    Messages:
    313
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
    O20 - Winlogon Notify:  ° ¸ € -  ° ¸ € (file missing)
    O20 - Winlogon Notify: 𘠀 - 𘠀 (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):

    C:\WINDOWS\system32\bdod.bin

    After that, Reboot.

    Before you do the next step, delete the fixit.reg from your desktop.
    Open Notepad, and copy everything inside the code box below (Starting with REGEDIT4) and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixit.reg on your Desktop. Make sure there is NO blank line above REGEDIT4
    Locate fixit.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Post a fresh HJT report in your next reply, let me know how things are running.
     
  14. chechiarts

    chechiarts Thread Starter

    Joined:
    Jun 22, 2007
    Messages:
    74
    the panda site told me this


    Error on downloading ActiveScan
    An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
    Possible causes of this error are:

    Not allowing the application's ActiveX control to be downloaded.

    Problems with the Internet connection.

    The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...



    o here what you ask


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:56:12 AM, on 9/4/07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
    O4 - HKLM\..\Run: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\RunServices: [Microsoft Setup Initialization] rundll32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1187885426859
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188325652453
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181758753014
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5410 bytes
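The fix-and-recheck step in the two posts above (fix the three O20 entries, then post a fresh HJT log) can be checked mechanically. The Python below is an added example, not part of the original posts or of HijackThis; the function names and the two review rules are assumptions, and the sample lines are excerpts constructed from the two logs in this thread.

```python
import re

# Constructed excerpts: a handful of entry lines copied from the two
# HijackThis logs posted in this thread (before and after "Fix Checked").
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: °¸€ - °¸€ (file missing)
O20 - Winlogon Notify:  ° ¸ € -  ° ¸ € (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 𘠀 - 𘠀 (file missing)
'''

LOG_AFTER = r'''
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
'''

# "O20 - <body>": section code, then the rest of the line.
ENTRY_RE = re.compile(r"^\s*([ORF]\d{1,2}) - (.+?)\s*$")
# Body of an O20 Winlogon Notify line: "<key name> - <dll path>".
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(.*?)\s+-\s+(.*)$")


def parse_entries(log_text):
    """Return (code, body) for every HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review_reasons(code, body):
    """Assumed review rules: why an entry deserves a second look (empty list if none)."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if code == "O20":
        m = NOTIFY_RE.match(body)
        # A Notify key name is expected to be plain printable ASCII.
        if m and not re.fullmatch(r"[!\w .\-]+", m.group(1), flags=re.ASCII):
            reasons.append("key name is empty or not plain ASCII")
    return reasons


def flagged(log_text):
    """Entries of one log that have at least one review reason."""
    return [e for e in parse_entries(log_text) if review_reasons(*e)]


def verify_fix(before, after):
    """Compare two logs: flagged entries that are gone, that remain, and new entries."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "fixed": [e for e in flagged(before) if e not in new],
        "remaining": flagged(after),
        "new_entries": [e for e in new if e not in old],
    }


if __name__ == "__main__":
    for code, body in flagged(LOG_BEFORE):
        print(code, body, "->", "; ".join(review_reasons(code, body)))
    result = verify_fix(LOG_BEFORE, LOG_AFTER)
    print("fixed:", len(result["fixed"]),
          "remaining:", len(result["remaining"]),
          "new:", len(result["new_entries"]))
```
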
     
  15. racenutalways

    racenutalways

    Joined:
    Mar 10, 2005
    Messages:
    313
    You still haven't told me how your pc is running.

    Are you allowing the ActiveX to install?? At the top of the window a small bar will present itself asking you to allow to install ActiveX, please allow it. If that doesn't work, try Kaspersky:

    Kaspersky WebScanner

    Next Click on Kaspersky Online Scanner

    A Private Statement window will appear, click on Accept.
    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
        o Standard
      o Scan Options:
        o Scan Archives
        o Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
      o Select My Computer
    * The program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
      o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

    Take note of the names and locations of any file it detects but fails to clean.


    Remove all old versions of Java and J2SE in your Add\Remove Programs (Start | Control Panel | Add or Remove Programs); they cause a security vulnerability. Then update your Java to Java 6 update 2.
    Updating Java and Clearing Cache
    1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    2. If you are unable to update you can manually update by going here:
    3. After the reboot, go back into the Control Panel and double-click the Java Icon.
    4. Under Temporary Internet Files, click the settings| Delete Files button.
    5. There are two options in the window to clear the cache - Leave Checked

      • Applications and Applets
      • Trace and Log files
    6. Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    7. Click OK to leave the Java Control Panel.
     
Short URL to this thread: https://techguy.org/614600
