
Windows Explorer Started To Restart Itself


This topic is locked
3 replies to this topic

#1 Shadowdance

  • Members
  • 314 posts
  • Gender:Male

Posted 17 April 2008 - 09:28 PM

My Windows explorer.exe started all of a sudden to restart itself.

Even when I run "explorer.exe" from my Task Manager, it stays there for seconds and then poofs again.

I scanned my pc for malware (Windows Malware Tool) found 1 result and removed. (worm: Backdoor.win32)
I scanned my pc for rootkits (AVG Free Anti-Rootkit) found 1 result and removed.
I scanned my pc for spyware (S & D and Spyware Terminator) found LOTS of results and removed.
I also fixed my registry with Registry Booster 2.

I see in my taskman.exe a "Servstat32x.exe" process whose presence I didn't know about before. It's kinda "restarting" itself, and I cannot "kill it".

Problem persists.

I cannot find anything on the net about this problem...

I also know that winsock.exe pops up trying to make explorer work? But I know nothing...

So I am attaching a log of hijackthis here.

Please respond... :thumbsup:

I cannot use the "browse" button so unfortunately I must copy/paste my log here :blink:

Deckard's System Scanner v20071014.68
Run by PCTWO on 2008-04-18 05:14:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
10: 2008-04-18 02:14:54 UTC - RP145 - Deckard's System Scanner Restore Point
9: 2008-04-18 00:38:12 UTC - RP144 - Spyware Terminator - restore point
8: 2008-04-17 16:33:52 UTC - RP143 - Installed Windows Live
7: 2008-04-17 16:32:07 UTC - RP142 - Removed Windows Live installer
6: 2008-04-17 16:29:24 UTC - RP141 - Εγκατάσταση Windows Live installer

-- First Restore Point --
1: 2008-04-12 22:42:10 UTC - RP136 - Removed VersionTracker Pro Windows

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 4.44 GiB (less than 15%) free.

-- HijackThis (run as PCTWO.exe) -----------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-18 05:22:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PCTWO\Επιφάνεια εργασίας\dss.exe
C:\WINDOWS\servstat32x.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www2.onlinebandit.net/BBR/bbr_5-07.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {446624E1-B767-4443-AA6E-0F355CAFD21B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {79E9BB14-A5F2-46E0-B996-FB3D571DD3E1} - C:\WINDOWS\system32\geBsstsT.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85FDFA6E-BB8F-42E0-B49F-8F3483E13163} - C:\WINDOWS\system32\awtsQJBt.dll
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AC674055-0EAF-4E06-AA99-9A251E2EF4F5} - (no file)
O2 - BHO: (no name) - {C09A8B28-2301-46A8-97E9-8A1DDB888A54} - (no file)
O2 - BHO: {fbe2cf90-8235-9419-9924-4eac81b8129c} - {c9218b18-cae4-4299-9149-532809fc2ebf} - (no file)
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Boot] "C:\Acer\Empowering Technology\ePower\Boot.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [cssrs] c:\windows\cssrs.exe
O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32\winsock32.exe
O4 - HKCU\..\Run: [Synaptics] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\PCTWO\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Προσθήκη στο ιστολόγιο - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Προσθήκη στο ιστολόγιο στο Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ2003b\Icq.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ2003b\Icq.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193957708093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198898231578
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4CFC494-AD8E-4229-81ED-1B65479B532B}: NameServer = 195.170.0.1,195.170.0.2
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{CF968160-B995-4C78-B81A-BC0376827615}: NameServer = 195.170.0.1,195.170.0.2
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: geBsstsT - C:\WINDOWS\system32\geBsstsT.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: tiwokdbq - C:\WINDOWS\system32\tiwokdbq.dll (file missing)
O20 - Winlogon Notify: tuvuusp - C:\WINDOWS\system32\tuvuusp.dll (file missing)
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java development Services - Unknown owner - C:\WINDOWS\servstat32x.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - Unknown owner - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O24 - Desktop Component 0:  - 

--
End of file - 15956 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R0 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R2 DritekPortIO (Dritek General Port I/O) - c:\program files\launch manager\dportio.sys <Not Verified; Dritek System Inc.; DPortIO>
R2 int15 - c:\windows\system32\drivers\int15.sys
R2 irda (Πρωτόκολλο IrDA) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 ithsgt - c:\windows\system32\drivers\ithsgt.sys
R2 lilsgt - c:\windows\system32\drivers\lilsgt.sys
R2 nxsIO32 (NextSensor Kernel I/O Driver) - c:\windows\system32\drivers\nxsio32.sys
R2 tvicport - c:\windows\system32\drivers\tvicport.sys <Not Verified; EnTech Taiwan; TVicPort Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
R2 zntport - c:\windows\system32\drivers\zntport.sys <Not Verified; Zeal SoftStudio; NTPort Library>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 sdbus - c:\windows\system32\drivers\sdbus.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 SFilter (PCTools Driver) - c:\windows\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S2 eLock2BurnerLockDriver - c:\windows\system32\elock2burnerlockdriver.sys (file missing)
S2 eLock2FSCTLDriver - c:\windows\system32\elock2fsctldriver.sys (file missing)
S2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys (file missing)
S2 npkcrypt - c:\program files\lineage ii\system\npkcrypt.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys (file missing)
S3 BIOSCHK - c:\docume~1\pctwo\locals~1\temp\tiibf.tmp\disk1\bioschk.sys (file missing)
S3 irsir (Πρόγραμμα οδήγησης σειριακής θύρας υπερύθρων της Microsoft) - c:\windows\system32\drivers\irsir.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 nm (Πρόγραμμα οδήγησης εποπτείας δικτύου) - c:\windows\system32\drivers\nmnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys (file missing)
S3 psdfilter - c:\windows\system32\drivers\psdfilter.sys (file missing)
S3 psdvdisk - c:\windows\system32\drivers\psdvdisk.sys (file missing)
S3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; SIA Syncrosoft; USB protection device>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcerMemUsageCheckService (Memory Check Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; Acer Inc.; >
R2 Irmon (Εποπτεία Υπερύθρων) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Java development Services - "c:\windows\servstat32x.exe"
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 usprserv (User Privilege Service) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - 

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_009F1025&REV_10\4&FCF0450&0&08A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_009F1025&REV_10\4&FCF0450&0&08A4
Service: RTL8023xp

-- Scheduled Tasks -------------------------------------------------------------

2008-04-17 14:57:50       422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{97AFFB6A-762D-4364-B215-EA02F8D35582}.job
2008-01-05 19:38:30       290 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
2007-11-26 04:06:44       338 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job

-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-18 03:12:39         5 --a------ C:\WINDOWS\youtubex.dll
2008-04-18 03:12:38         0 d-------- C:\tmpDownload
2008-04-18 03:12:32     10383 --ahs---- C:\WINDOWS\system32\tBJQstwa.ini2
2008-04-18 03:12:24    272896 --a------ C:\WINDOWS\system32\awtsQJBt.dll
2008-04-18 03:07:17         0 d-------- C:\Program Files\YoutubeGet
2008-04-18 03:06:36     37888 --a------ C:\WINDOWS\system32\geBsstsT.dll
2008-04-17 16:42:35         0 d-------- C:\Limewire
2008-04-14 16:53:34      7168 --a------ C:\WINDOWS\system32\rdriv.sys
2008-04-14 16:47:02         0 d--hs---- C:\FOUND.003
2008-04-14 03:19:57         0 d-------- C:\Program Files\Common Files\Steinberg
2008-04-14 03:19:56         0 d-------- C:\Documents and Settings\All Users\Application Data\Steinberg
2008-04-14 03:12:05     18432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; SIA Syncrosoft; USB protection device>
2008-04-14 03:10:02     45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; SIA Syncrosoft; Syncrosoft Synsopos>
2008-04-14 03:09:40    147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; SIA Syncrosoft; >
2008-04-14 03:09:22         0 d-------- C:\Program Files\Syncrosoft
2008-04-14 03:03:13     35328 --a------ C:\WINDOWS\system32\synsoacc.dll
2008-04-14 02:57:35         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Steinberg
2008-04-13 18:26:45         0 d-------- C:\Documents and Settings\PCTWO\Application Data\skypePM
2008-04-13 18:26:45        32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-13 18:22:36         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Skype
2008-04-13 18:20:36         0 d-------- C:\Program Files\Common Files\Skype
2008-04-13 14:23:18         0 d-------- C:\Program Files\Rar Repair Tool
2008-04-13 04:32:02         0 d-------- C:\Program Files\Jufsoft
2008-04-13 03:17:48       206 --a------ C:\Documents and Settings\PCTWO\Application Data\iPod Access v4 Prefs
2008-04-13 03:17:16        45 --ah----- C:\Documents and Settings\PCTWO\Application Data\iPodAccessv4_OwnerName
2008-04-13 03:12:13        11 --ah----- C:\Documents and Settings\PCTWO\Application Data\iPodAccess_Time
2008-04-13 03:08:18         0 d-------- C:\Program Files\iPod Access for Windows
2008-04-13 02:46:12         0 d-------- C:\Program Files\Neoretix
2008-04-13 02:19:28         0 d-------- C:\Program Files\Steinberg
2008-04-12 23:16:07         0 d-------- C:\Program Files\Anti Trojan Elite
2008-04-12 22:57:52         0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Detect
2008-04-12 22:56:10         0 d-------- C:\Program Files\WinPcap
2008-04-12 04:22:28     53248 --a------ C:\WINDOWS\system32\pmexr.dll
2008-04-12 04:22:28    274432 --a------ C:\WINDOWS\system32\lcms.dll <Not Verified; Marti Maria; LittleCMS color engine>
2008-04-12 04:22:28    782336 --a------ C:\WINDOWS\system32\IlmImf.dll
2008-04-12 04:22:27    204288 --a------ C:\WINDOWS\system32\pmtf3.dll
2008-04-12 04:22:27    353280 --a------ C:\WINDOWS\system32\pmtf2.dll
2008-04-12 04:22:27    205824 --a------ C:\WINDOWS\system32\pmtf1.dll
2008-04-12 04:22:27     11776 --a------ C:\WINDOWS\system32\pmbm.dll
2008-04-12 04:22:24    446464 --a------ C:\WINDOWS\system32\Photomatix_jpg.dll
2008-04-12 04:22:23     95525 --a------ C:\WINDOWS\system32\Photomatix25Lib3.dll
2008-04-12 04:22:23    274432 --a------ C:\WINDOWS\system32\Photomatix25Lib2.dll
2008-04-12 04:22:23    278528 --a------ C:\WINDOWS\system32\Photomatix25Lib.dll
2008-04-12 04:22:17         0 d-------- C:\Program Files\Photomatix
2008-04-12 03:31:39    162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-12 03:31:39     77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-12 03:31:38     69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-12 03:31:38    153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-12 03:31:33         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Simply Super Software
2008-04-11 03:09:14         0 d-------- C:\DOTT.CD
2008-04-11 03:06:17         0 d-------- C:\Program Files\ScummVM
2008-04-09 04:17:32   1224704 -r-hs---- C:\WINDOWS\servstat32x.exe
2008-04-09 04:09:45         0 d-------- C:\Program Files\PIM
2008-04-08 17:01:53         0 d-------- C:\Program Files\Safari
2008-04-08 16:47:20         0 d-------- C:\Program Files\iPod
2008-04-08 16:19:09         0 d-------- C:\Program Files\QuickTime
2008-04-08 03:55:57         0 d-------- C:\Documents and Settings\PCTWO\Application Data\PCToolsFirewallPlus
2008-04-08 03:08:03     93440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys <Not Verified; PC Tools; PC Tools NDIS Driver>
2008-04-08 03:07:37         0 d-------- C:\Program Files\Common Files\PC Tools
2008-04-08 03:07:25         0 d-------- C:\Program Files\PC Tools Firewall Plus
2008-04-08 01:10:36    138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-08 01:10:03         0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-08 01:09:59         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Spyware Terminator
2008-04-08 01:09:08         0 d-------- C:\Program Files\Spyware Terminator
2008-04-07 22:30:02         0 d-------- C:\Program Files\TechTracker
2008-04-07 22:26:12         0 d-------- C:\Program Files\Lavasoft
2008-04-07 22:26:06         0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 19:17:44     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 19:11:48    176220 ---h----- C:\WINDOWS\cssrs.exe <Not Verified; VolkS; UnbeKannt>
2008-04-07 19:11:48    176220 ---h----- C:\firefox.exe <Not Verified; VolkS; UnbeKannt>
2008-04-07 19:11:40     32768 --a------ C:\WINDOWS\Keygen.exe <Not Verified; Black Knight Team; Keygen>
2008-04-07 19:11:39    139344 --a------ C:\WINDOWS\keyg.exe <Not Verified; VolkS; TurBot>
2008-04-07 18:55:45    691545 --a------ C:\WINDOWS\unins000.exe
2008-04-07 18:55:45      2553 --a------ C:\WINDOWS\unins000.dat
2008-04-07 17:36:27    774241 --a------ C:\WINDOWS\system32\winsock32.exe
2008-04-05 23:56:26         0 dr-h----- C:\Documents and Settings\PCTWO\Recent
2008-04-05 05:23:15         0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-05 05:22:17         0 d-------- C:\Documents and Settings\PCTWO\Application Data\SystemRequirementsLab
2008-04-03 14:58:04         0 d-------- C:\Program Files\BitComet
2008-04-03 14:43:28         0 d-------- C:\Documents and Settings\PCTWO\Application Data\.Torrent Swapper
2008-04-03 14:42:51         0 d-------- C:\Program Files\Swapper
2008-04-02 21:25:25         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Xfire
2008-04-02 21:25:14         0 d-------- C:\Program Files\Xfire
2008-04-02 16:45:58         0 d-------- C:\Program Files\screensavers
2008-04-01 23:25:10         0 d-------- C:\WINDOWS\solcache
2008-04-01 19:16:29         0 d-------- C:\Program Files\Game Accelerator
2008-04-01 04:43:54         0 d-------- C:\Documents and Settings\PCTWO\Application Data\SecondLife
2008-03-31 20:41:50         0 d-------- C:\WINDOWS\system32\embedded
2008-03-31 20:41:47         0 d-------- C:\Program Files\Memturbo 4
2008-03-28 00:04:53         0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-27 16:53:28         0 d-------- C:\Program Files\Flash Movie Player
2008-03-25 18:58:10         0 d-------- C:\Program Files\FM Modifier 2.2
2008-03-24 03:38:06         0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-20 22:39:15         0 d-------- C:\Program Files\AoE2
2008-03-18 00:47:55         0 d-------- C:\Documents and Settings\PCTWO\Application Data\WaveIM.9AC2B9CC25658314676752FF95BAD6EAF46563AC.1
2008-03-18 00:46:38         0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-03-18 00:46:16         0 d-------- C:\Program Files\WAVE_IM

-- Find3M Report ---------------------------------------------------------------

2008-04-18 03:20:56  50069504 --a------ C:\WINDOWS\system32\servl2.dll <Not Verified; Microsoft Corporation; Λειτουργικό σύστημα Microsoft® Windows®>
2008-04-16 21:05:12     85416 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-08 23:40:40       908 --a------ C:\WINDOWS\eReg.dat
2008-04-08 03:51:20    509808 --a------ C:\WINDOWS\system32\perfh008.dat
2008-04-08 03:51:20     87800 --a------ C:\WINDOWS\system32\perfc008.dat
2008-04-05 04:28:46      4340 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-17 18:32:22         0 d-------- C:\Program Files\WebSite Downloader for Windows
2008-03-15 04:53:40         0 d-------- C:\Program Files\WebFormDesigner
2008-03-15 01:18:26         0 d-------- C:\Program Files\Free FLV Converter
2008-03-15 00:36:48         0 d-------- C:\Program Files\MediaCell Mobile Video Converter
2008-03-11 21:49:04         0 d-------- C:\Program Files\PostSmile
2008-03-11 17:25:46         0 d-------- C:\Program Files\Veoh Networks
2008-03-08 02:05:22         0 d-------- C:\Program Files\EA GAMES
2008-03-04 15:33:20         0 d-------- C:\Program Files\Vista Start Menu
2008-03-04 15:33:20         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Vista Start Menu
2008-03-04 15:27:16         0 d-------- C:\Documents and Settings\PCTWO\Application Data\SiteAdvisor
2008-03-04 03:05:16         0 d-------- C:\Documents and Settings\PCTWO\Application Data\COWON
2008-03-02 04:58:22         0 d-------- C:\Documents and Settings\PCTWO\Application Data\Media Player Classic
2008-02-28 22:06:22         0 d-------- C:\Documents and Settings\PCTWO\Application Data\aignes
2008-02-23 19:11:24         0 d-------- C:\Program Files\SopCast
2008-02-23 01:41:40         0 d-------- C:\Program Files\Trojan Remover
2008-02-06 04:59:08       461 --a------ C:\Program Files\INSTALL.LOG
2008-02-02 16:09:18    221263 --ahs---- C:\WINDOWS\system32\dcbeg.ini2
2008-01-29 
02:00:58         0 --a------ C:\WINDOWS\system32\SBRC.dat2008-01-28 02:23:14     22134 --ahs---- C:\WINDOWS\system32\hjkmp.ini22008-01-28 02:18:40   6239271 --a------ C:\WINDOWS\system32\SBSP.dat2008-01-28 02:18:40     25792 --a------ C:\WINDOWS\system32\SBFC.dat2008-01-18 05:39:34         8 -r-hs---- C:\WINDOWS\system32\9DF05FCCE0.sys-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{446624E1-B767-4443-AA6E-0F355CAFD21B}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}]18/04/2008 03:06	37888	--a------	C:\WINDOWS\system32\geBsstsT.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85FDFA6E-BB8F-42E0-B49F-8F3483E13163}]18/04/2008 03:12	272896	---------	C:\WINDOWS\system32\awtsQJBt.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC674055-0EAF-4E06-AA99-9A251E2EF4F5}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C09A8B28-2301-46A8-97E9-8A1DDB888A54}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9218b18-cae4-4299-9149-532809fc2ebf}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 20:19]"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [23/06/2006 21:59]"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [30/05/2006 12:11]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [21/12/2007 08:55]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/12/2007 18:12]"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [15/03/2006 22:12]"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [16/07/2007 18:54]"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [16/07/2007 18:54]"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [25/02/2008 16:49]"cssrs"="c:\windows\cssrs.exe" [07/04/2008 19:12]"winsock32"="C:\WINDOWS\system32\winsock32.exe" [07/04/2008 
17:36][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Synaptics"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/12/2007 18:12]"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [12/12/2007 13:53]"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/09/2004 20:00]"@"="" [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]"SpybotDeletingB7849"=command /c del "C:\Documents and Settings\PCTWO\Local Settings\Temp\removalfile.bat""SpybotDeletingD801"=cmd /c del "C:\Documents and Settings\PCTWO\Local Settings\Temp\removalfile.bat"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]"SpybotDeletingA2550"=command /c del "C:\Documents and Settings\PCTWO\Local Settings\Temp\removalfile.bat""SpybotDeletingC6784"=cmd /c del "C:\Documents and Settings\PCTWO\Local Settings\Temp\removalfile.bat"C:\Documents and Settings\PCTWO\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\MemTurbo.lnk - C:\Program Files\Memturbo 4\MemTurbo.exe [31/3/2008 20:41:48]C:\Documents and Settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [27/3/2006 11:37:58][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"RunStartupScriptSync"=0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoChangeAnimation"=1 (0x1)"NoStrCmpLogical"=1 (0x1)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"MemCheckBoxInRunDlg"=1 (0x1)"NoStrCmpLogical"=1 (0x1)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{79E9BB14-A5F2-46E0-B996-FB3D571DD3E1}"= C:\WINDOWS\system32\geBsstsT.dll [18/04/2008 03:06 37888][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsstsT] geBsstsT.dll 18/04/2008 03:06 37888 
C:\WINDOWS\system32\geBsstsT.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tiwokdbq] tiwokdbq.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuusp] tuvuusp.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtsQJBt[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PCTWO^Start Menu^Προγράμματα^Εκκίνηση^VersionTrackerPro.lnk]path=C:\Documents and Settings\PCTWO\Start Menu\Προγράμματα\Εκκίνηση\VersionTrackerPro.lnkbackup=C:\WINDOWS\pss\VersionTrackerPro.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"RichVideo"=2 (0x2)"LVSrvLauncher"=2 (0x2)"iPod Service"=3 (0x3)"Apple Mobile Device"=2 (0x2)"Adobe LM Service"=3 (0x3)"aawservice"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe""LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe""eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe"RTHDCPL"=RTHDCPL.EXE"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe""SBCSTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"Alcmtr"=ALCMTR.EXE"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe""PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k"Adobe Reader 
Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe"winsock32"=C:\WINDOWS\system32\winsock32.exe"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime"DRam prosessor"=msconfig.exe"Svchost"=c:\windows\Svchost.exe"cssrs"=c:\windows\cssrs.exe"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe""TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]AutoRun\command- H:\DANCE2.EXE[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e7d3d4-09b3-11dd-be58-0016cfa57302}]AutoRun\command- I:\autorun.exe[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]C:\WINDOWS\system32\winsock32.exe[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2B48180E-3D47-6FBF-DD97-0732423956B8}]C:\WINDOWS\svchost.exe-- Hosts -----------------------------------------------------------------------127.0.0.1	www.007guard.com127.0.0.1	007guard.com127.0.0.1	008i.com127.0.0.1	www.008k.com127.0.0.1	008k.com127.0.0.1	www.00hq.com127.0.0.1	00hq.com127.0.0.1	010402.com127.0.0.1	www.032439.com127.0.0.1	032439.com8300 more entries in hosts file.-- End of Deckard's System Scanner: finished at 2008-04-18 05:25:13 ------------


Thanx in advance.

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB




#2 Shadowdance

Shadowdance
  • Topic Starter

  • Members
  • 314 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:14 AM

Posted 18 April 2008 - 08:14 AM

rdriv.sys is involved :thumbsup:



#3 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:14 PM

Posted 29 April 2008 - 09:54 AM

Hi,

Please do not use quote tags in your posts unless you're asked to do so.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


#4 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:14 PM

Posted 02 May 2008 - 02:32 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.



