Please Help In Deleting Virus



#1 ChronoXIII

ChronoXIII

  • Members
  • 44 posts
  • Gender:Male
  • Location:Malaysia

Posted 06 April 2008 - 08:35 AM

This computer kept showing spyware alerts, in either the yellow balloon or a window that I know is a bogus one. I ran a BitDefender scan and deleted a virus - Backdoor.Agent.ZGJ, but the problem persists. Enclosed below is my HJT log, please help me ASAP. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:59 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GNX Bingo - {A0C423F4-95C3-4C6A-A5C7-1E60F6E6BEA8} - C:\WINDOWS\kdftlboedox.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: qvdntlmw - {3D5F91CB-4CEC-4AA8-BF5D-D7797DE45A4B} - C:\WINDOWS\qvdntlmw.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\yong\Desktop\install_sbd_en(3).exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vwxqndfx] C:\WINDOWS\system32\vgpujorg.exe
O4 - HKLM\..\Policies\Explorer\Run: [0gjkRW4na1] C:\Documents and Settings\All Users\Application Data\jozerifs\betuxsxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O21 - SSODL: ServiceDrive - {7d58dcd7-c6b2-4785-b317-46e7b632c507} - C:\WINDOWS\Installer\{7d58dcd7-c6b2-4785-b317-46e7b632c507}\ServiceDrive.dll (file missing)
O21 - SSODL: zip - {ae64c027-e12d-4c0b-ad0a-4c5aeeb64725} - C:\WINDOWS\Installer\{ae64c027-e12d-4c0b-ad0a-4c5aeeb64725}\zip.dll (file missing)
O21 - SSODL: vbgtorfd - {B2C25167-DC3F-4AC0-95EE-1CAEC0BA8664} - C:\WINDOWS\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {A071395C-33FE-4A21-8EB9-228F669E0C28} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5671 bytes
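As an added triage example for reading a log like the one above (this is not code from the thread, from HijackThis, or from any other tool named here), the following Python script scores the O2/O3/O4/O21 lines of a HijackThis log against the patterns this particular log exhibits: random-looking eight-letter names dropped directly under C:\WINDOWS, ShellServiceObjectDelayLoad (SSODL) entries, an autostart under Policies\Explorer\Run, and entries whose file is missing. The sample lines are copied from the log; the scoring weights and the vowel-ratio "random name" heuristic are my own assumptions and will occasionally flag terse vendor names, so the output is a reading aid, not a verdict.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example for this thread; not part of HijackThis, SDFix or Deckard's
System Scanner. Scores O2/O3/O4/O21 lines against patterns seen in the log:
random-looking file names, SSODL entries, Policies\\Explorer\\Run autostarts
and missing files. Weights and heuristics are assumptions, not vendor rules.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the log in post #1 plus two benign
# entries, so the scorer can be exercised offline.
SAMPLE_LOG = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GNX Bingo - {A0C423F4-95C3-4C6A-A5C7-1E60F6E6BEA8} - C:\WINDOWS\kdftlboedox.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: qvdntlmw - {3D5F91CB-4CEC-4AA8-BF5D-D7797DE45A4B} - C:\WINDOWS\qvdntlmw.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [vwxqndfx] C:\WINDOWS\system32\vgpujorg.exe
O4 - HKLM\..\Policies\Explorer\Run: [0gjkRW4na1] C:\Documents and Settings\All Users\Application Data\jozerifs\betuxsxy.exe
O21 - SSODL: zip - {ae64c027-e12d-4c0b-ad0a-4c5aeeb64725} - C:\WINDOWS\Installer\{ae64c027-e12d-4c0b-ad0a-4c5aeeb64725}\zip.dll (file missing)
O21 - SSODL: vbgtorfd - {B2C25167-DC3F-4AC0-95EE-1CAEC0BA8664} - C:\WINDOWS\vbgtorfd.dll
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")
# Last .exe/.dll mentioned in the entry; quotes, slashes and spaces end a name.
FILE_RE = re.compile(r'([^\\/"\s]+)\.(exe|dll)\b', re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Finding:
    line: str
    kind: str
    stem: str
    score: int
    reasons: List[str]


def looks_random(stem: str) -> bool:
    """Heuristic (assumption) for generated names such as 'qvdntlmw': all
    lowercase letters, at least 7 long, at most 30% vowels."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) <= 0.3


def file_stem(entry: str) -> str:
    """Base name (without extension) of the last .exe/.dll in the entry."""
    hits = FILE_RE.findall(entry)
    return hits[-1][0] if hits else ""


def score_entry(line: str) -> Optional[Finding]:
    """Score one HJT line; a higher score means it deserves a closer look."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    reasons: List[str] = []
    if kind == "O21":
        # Few legitimate products add SSODL entries; this log shows four.
        reasons.append("ShellServiceObjectDelayLoad entry")
    if kind == "O4" and "\\Policies\\Explorer\\Run" in body:
        reasons.append("Policies\\Explorer\\Run autostart")
    stem = file_stem(body)
    if looks_random(stem):
        reasons.append(f"random-looking file name '{stem}'")
    score = 2 * len(reasons)  # strong indicators weigh 2 each (assumed weight)
    if MISSING in body:
        reasons.append("file missing (orphaned entry)")
        score += 1  # weak indicator: orphaned toolbars are common and benign
    return Finding(line.strip(), kind, stem, score, reasons)


def triage(log_text: str, threshold: int = 2) -> List[Finding]:
    """Entries scoring at or above the threshold, highest score first."""
    findings = [score_entry(l) for l in log_text.splitlines() if l.strip()]
    flagged = [f for f in findings if f is not None and f.score >= threshold]
    return sorted(flagged, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.score}] {hit.line}")
        print("      " + ", ".join(hit.reasons))
```

Run it against a full log pasted into a file and the SSODL and policy-Run entries come out on top, with the orphaned Little Fighter toolbar (score 1) left below the default threshold; lower the threshold to 1 to see every entry with any indicator.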

#2 ChronoXIII

ChronoXIII
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Location:Malaysia

Posted 06 April 2008 - 08:50 AM

Sorry, I am not aware of the new procedures.

Here is the new log.

Deckard's System Scanner v20071014.68
Run by yong on 2008-04-06 21:42:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-01-16 13:09:23 UTC - RP15 - Software Distribution Service 3.0
8: 2008-01-14 12:15:27 UTC - RP14 - System Checkpoint
7: 2008-01-10 04:58:11 UTC - RP13 - System Checkpoint
6: 2008-01-06 03:05:19 UTC - RP12 - Counterstrike 1.0 Installation
5: 2008-01-06 02:59:59 UTC - RP11 - Counterstrike 1.0 Installation


-- First Restore Point --
1: 2007-12-31 15:53:42 UTC - RP7 - Installed Microsoft Office 2000 Premium


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as yong.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:01 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\yong\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\yong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GNX Bingo - {A0C423F4-95C3-4C6A-A5C7-1E60F6E6BEA8} - C:\WINDOWS\kdftlboedox.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: qvdntlmw - {3D5F91CB-4CEC-4AA8-BF5D-D7797DE45A4B} - C:\WINDOWS\qvdntlmw.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\yong\Desktop\install_sbd_en(3).exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vwxqndfx] C:\WINDOWS\system32\vgpujorg.exe
O4 - HKLM\..\Policies\Explorer\Run: [0gjkRW4na1] C:\Documents and Settings\All Users\Application Data\jozerifs\betuxsxy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O21 - SSODL: ServiceDrive - {7d58dcd7-c6b2-4785-b317-46e7b632c507} - C:\WINDOWS\Installer\{7d58dcd7-c6b2-4785-b317-46e7b632c507}\ServiceDrive.dll (file missing)
O21 - SSODL: zip - {ae64c027-e12d-4c0b-ad0a-4c5aeeb64725} - C:\WINDOWS\Installer\{ae64c027-e12d-4c0b-ad0a-4c5aeeb64725}\zip.dll (file missing)
O21 - SSODL: vbgtorfd - {B2C25167-DC3F-4AC0-95EE-1CAEC0BA8664} - C:\WINDOWS\vbgtorfd.dll
O21 - SSODL: dwnrpofk - {A071395C-33FE-4A21-8EB9-228F669E0C28} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5670 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 sf (SFI Service) - c:\windows\system32\drivers\sf.sys <Not Verified; Sonic Focus, Inc; Sonic Focus DSP service driver>
R2 csctl50 (John's Windows 2000 Driver) - c:\windows\system32\drivers\csctl50.sys
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 PowermaticFVNETusb(AR)® (Powermatic FVNETusb(AR)® Service for Compex iWavePort WLU11A Mod2) - c:\windows\system32\drivers\vnetusbr.sys <Not Verified; ATMEL; 802.11b Compliant USB Wireless Network Adapter>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
S3 MidiSyn - c:\windows\system32\drivers\midisyn.sys <Not Verified; Analog Devices Inc; MIDI Wavetable Synthesizer>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14031186&REV_86\4&2E98101C&0&08F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_14031186&REV_86\4&2E98101C&0&08F0
Service:


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 21:13:49 0 d-------- C:\Program Files\Trend Micro
2008-04-06 21:07:57 0 d-------- C:\Program Files\Lavasoft
2008-04-06 21:07:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-23 16:50:18 0 d-------- C:\Program Files\SoftDesigner
2008-03-23 13:49:30 0 d-------- C:\Documents and Settings\All Users\Application Data\jozerifs
2008-03-23 13:48:31 221184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-23 13:48:31 155648 --a------ C:\WINDOWS\qvdntlmw.dll
2008-03-23 13:48:31 81920 --a------ C:\WINDOWS\norlatmx.exe
2008-03-23 13:48:31 212992 --a------ C:\WINDOWS\kdftlboedox.dll
2008-03-23 13:48:31 212992 --a------ C:\WINDOWS\dwnrpofk.dll
2008-03-19 15:28:45 0 d--h----- C:\WINDOWS\PIF
2008-03-09 23:28:43 0 d-------- C:\Program Files\Game Vision
2008-03-09 23:23:53 0 d-------- C:\Documents and Settings\yong\WINDOWS
2008-03-09 23:20:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 23:18:38 720896 --a------ C:\WINDOWS\iun6002ev.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-09 23:16:02 0 d-------- C:\Program Files\netGangsters
2008-03-09 22:59:50 0 d-------- C:\Sim Safari


-- Find3M Report ---------------------------------------------------------------

2008-04-06 21:41:14 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-15 17:12:18 0 d-------- C:\Program Files\Carnivores
2008-03-09 23:20:56 0 d-------- C:\Program Files\Common Files
2008-02-29 21:57:27 0 d-------- C:\Program Files\7-Zip
2008-02-06 19:55:55 0 d-------- C:\Program Files\Windows Live
2008-02-06 19:55:42 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-06 18:13:15 0 d-------- C:\Documents and Settings\yong\Application Data\Help
2008-01-06 13:03:52 286720 --a------ C:\WINDOWS\iun503.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0C423F4-95C3-4C6A-A5C7-1E60F6E6BEA8}]
03/23/2008 11:02 AM 212992 --a------ C:\WINDOWS\kdftlboedox.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [05/29/2003 04:28 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/30/2003 09:42 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/01/2005 04:16 PM]
"nwiz"="nwiz.exe" [04/01/2005 04:16 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/01/2005 04:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/15/2006 11:40 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 04:31 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 04:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 04:32 AM]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [04/02/2007 04:48 PM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 03:49 PM]
"SBI"="C:\Documents and Settings\yong\Desktop\install_sbd_en(3).exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/15/2006 05:41 PM]
"vwxqndfx"="C:\WINDOWS\system32\vgpujorg.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/18/1999 12:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"0gjkRW4na1"=C:\Documents and Settings\All Users\Application Data\jozerifs\betuxsxy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ServiceDrive"= {7d58dcd7-c6b2-4785-b317-46e7b632c507} - C:\WINDOWS\Installer\{7d58dcd7-c6b2-4785-b317-46e7b632c507}\ServiceDrive.dll [ ]
"zip"= {ae64c027-e12d-4c0b-ad0a-4c5aeeb64725} - C:\WINDOWS\Installer\{ae64c027-e12d-4c0b-ad0a-4c5aeeb64725}\zip.dll [ ]
"vbgtorfd"= {B2C25167-DC3F-4AC0-95EE-1CAEC0BA8664} - C:\WINDOWS\vbgtorfd.dll [03/23/2008 11:02 AM 221184]
"dwnrpofk"= {A071395C-33FE-4A21-8EB9-228F669E0C28} - C:\WINDOWS\dwnrpofk.dll [03/23/2008 11:02 AM 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2008-04-06 21:45:01 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 99%
Physical Memory (total/avail): 510.73 MiB / 4.34 MiB
Pagefile Memory (total/avail): 2017.43 MiB / 1454.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.05 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 14.65 GiB total, 7.52 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 14.65 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Bitdefender Antivirus v8.0 (Softwin)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"="C:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe:*:Disabled:lf2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\yong\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINDOW-3D2D3ACB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\yong
LOGONSERVER=\\WINDOW-3D2D3ACB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\yong\LOCALS~1\Temp
TMP=C:\DOCUME~1\yong\LOCALS~1\Temp
USERDOMAIN=WINDOW-3D2D3ACB
USERNAME=yong
USERPROFILE=C:\Documents and Settings\yong
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
yong (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
802.11 Wireless LAN USB Card --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{393DFEE9-4F53-4FAB-9CB0-F4CF3CF7379E}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
BitDefender Free Edition v10 --> MsiExec.exe /I{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}
Carnivores --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Carnivores\Uninst.isu"
Chinese Star 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C0C847E-CD9D-485D-8688-CF9DFCEEB042}\setup.exe"
CStar2004 --> c:\cstar2004\unins000.exe
Digimon 3 --> C:\WINDOWS\iun6002ev.exe "C:\Program Files\Digimon\irunin.ini"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
JumpAhead Nursery v2.0 --> C:\WINDOWS\uninst.exe -fC:\KA\Nursery\DeIsL1.isu
Little Fighter 2 v1.9 --> C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Pokemon Gameboy Collection --> MsiExec.exe /I{58D1DD3F-DAD4-4DB8-A428-259D931EA6BB}
Pokemon Sapphire --> C:\WINDOWS\unvise32.exe C:\uninstal.log
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spiderman 2 --> C:\WINDOWS\iun503.exe C:\Program Files\Spiderman 2\irunin.ini
WebVideo Support --> C:\WINDOWS\norlatmx.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1270 / Error
Event Submitted/Written: 04/06/2008 08:41:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application lf2.exe, version 0.0.0.0, faulting module lf2.exe, version 0.0.0.0, fault address 0x0003ca28.
Processing media-specific event for [lf2.exe!ws!]

Event Record #/Type1246 / Error
Event Submitted/Written: 04/05/2008 05:26:57 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application r-litter figther.exe, version 0.0.0.0, faulting module r-litter figther.exe, version 0.0.0.0, fault address 0x000398ac.
Processing media-specific event for [r-litter figther.exe!ws!]

Event Record #/Type1245 / Error
Event Submitted/Written: 04/05/2008 05:26:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application r-litter figther.exe, version 0.0.0.0, faulting module r-litter figther.exe, version 0.0.0.0, fault address 0x000398ac.
Processing media-specific event for [r-litter figther.exe!ws!]

Event Record #/Type1218 / Error
Event Submitted/Written: 04/01/2008 03:55:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application lf2.exe, version 0.0.0.0, faulting module lf2.exe, version 0.0.0.0, fault address 0x0003ca28.
Processing media-specific event for [lf2.exe!ws!]

Event Record #/Type1217 / Error
Event Submitted/Written: 04/01/2008 03:55:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application lf2.exe, version 0.0.0.0, faulting module lf2.exe, version 0.0.0.0, fault address 0x0000cc46.
Processing media-specific event for [lf2.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17894 / Error
Event Submitted/Written: 04/06/2008 09:43:28 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type17893 / Error
Event Submitted/Written: 04/06/2008 09:43:22 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type17892 / Error
Event Submitted/Written: 04/06/2008 09:43:17 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type17891 / Error
Event Submitted/Written: 04/06/2008 09:43:12 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type17890 / Error
Event Submitted/Written: 04/06/2008 09:43:06 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-04-06 21:45:01 ------------

#3 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 14 April 2008 - 11:43 AM

Hello ChronoXIII,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe
