Infected With Virtumonde And Win32.bho.df


This topic is locked
3 replies to this topic

#1 Pandasnake_condor

  • Members
  • 1 posts

Posted 23 June 2008 - 10:18 AM

Hi, I recently discovered I have the Virtumonde virus. It all started when I turned my computer on and only got as far as seeing my background picture, but no task bar or icons etc. I opened 'Run' through the Task Manager and typed in 'explore' to get it all to appear. I did a spyware scan with Spybot Search and Destroy and it found Virtumonde and Win32.BHO.df. I've noticed that my computer is running extremely slowly, and if I try to open Add/Remove Programs or Windows Firewall I get this message: "Rundll32.exe Application error The application failed to initialize properly (0xc0000005)".
Here are the two logs created by DSS:

Deckard's System Scanner v20071014.68
Run by Luke on 2008-06-24 00:20:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-06-23 14:21:49 UTC - RP1371 - Deckard's System Scanner Restore Point
9: 2008-06-22 09:39:16 UTC - RP1370 - System Checkpoint
8: 2008-06-20 17:04:49 UTC - RP1369 - Software Distribution Service 3.0
7: 2008-06-19 15:37:59 UTC - RP1368 - Last known good configuration
6: 2008-06-18 04:44:54 UTC - RP1367 - System Checkpoint


-- First Restore Point --
1: 2008-06-13 09:35:23 UTC - RP1362 - Installed SimCity™ Societies


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Luke.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:44 AM, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luke\Desktop\dss.exe
C:\DOCUME~1\Luke\Desktop\Luke.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weebls-stuff.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.weebls-stuff.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weebls-stuff.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C996CEA-B35C-4EE0-82FC-42BE14AF63F3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A60C0171-FBB0-4557-974C-23F91889E063} - (no file)
O2 - BHO: (no name) - {DACB944C-DE95-4B04-BF71-653134C0A0AF} - (no file)
O2 - BHO: (no name) - {DCA22C4C-667F-496C-BC28-5047F15E77E6} - C:\WINDOWS\system32\wvUoNGVo.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [48cb17cc] rundll32.exe "C:\WINDOWS\system32\ybehktvc.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1009897115359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135934793359
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtpbs/wtBalan...iomanagerwt.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0094B51.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9549 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV79 - c:\windows\system32\drivers\sshdrv79.sys <Not Verified; ; ProtectCD>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 AsusGIO - c:\program files\asus\ai booster\asusgio.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 ASUSHWIO - c:\windows\system32\drivers\asushwio.sys (file missing)
S3 bdfdll - c:\program files\softwin\bitdefender9\bdfdll.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 jfdcd - c:\docume~1\luke\locals~1\temp\jfdcd.sys (file missing)
S3 st3mp28 - c:\windows\system32\drivers\st3mp28.sys (file missing)
S3 st3tiger - c:\windows\system32\drivers\st3tiger.sys (file missing)
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 08:25:18 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-23 23:42:33 0 d-------- C:\VundoFix Backups
2008-06-23 18:49:32 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-22 18:54:46 51200 --a------ C:\WINDOWS\system32\__c0094B51.dat
2008-06-22 18:54:44 51200 --a------ C:\WINDOWS\system32\tuhtkrwi.dll
2008-06-22 18:54:34 90624 --a------ C:\WINDOWS\system32\laogcodi.dll
2008-06-21 03:16:22 79872 --a------ C:\WINDOWS\system32\wnmlbkjb.dll
2008-06-20 01:39:39 25600 --a------ C:\WINDOWS\system32\vtursqnN.dll
2008-06-20 01:37:42 557042 --ahs---- C:\WINDOWS\system32\oVGNoUvw.ini2
2008-06-19 15:05:04 25600 --a------ C:\WINDOWS\system32\yayWMDSM.dll
2008-06-19 15:04:56 25600 --a------ C:\WINDOWS\system32\fccbXoon.dll
2008-06-19 15:04:49 25600 --a------ C:\WINDOWS\system32\iifdcCSj.dll
2008-06-19 15:03:14 25600 --a------ C:\WINDOWS\system32\urqoNhHX.dll
2008-06-19 15:03:00 25600 --a------ C:\WINDOWS\system32\wvUkHYsT.dll
2008-06-19 15:00:59 25600 --a------ C:\WINDOWS\system32\opnmLdeb.dll
2008-06-19 15:00:52 25600 --a------ C:\WINDOWS\system32\urqQjklL.dll
2008-06-19 15:00:37 25600 --a------ C:\WINDOWS\system32\byXNHXPj.dll
2008-06-19 14:56:40 25600 --a------ C:\WINDOWS\system32\khfCUKAq.dll
2008-06-19 14:56:25 25600 --a------ C:\WINDOWS\system32\vtUmJCvv.dll
2008-06-19 14:56:09 25600 --a------ C:\WINDOWS\system32\qoMcayAT.dll
2008-06-19 14:55:57 25600 --a------ C:\WINDOWS\system32\khfEVOiH.dll
2008-06-19 14:52:51 25600 --a------ C:\WINDOWS\system32\vtUnkjIx.dll
2008-06-19 14:51:51 25600 --a------ C:\WINDOWS\system32\opnoppQH.dll
2008-06-19 14:51:03 25600 --a------ C:\WINDOWS\system32\vtUkheCu.dll
2008-06-19 14:50:37 25600 --a------ C:\WINDOWS\system32\wvUmjIca.dll
2008-06-19 14:50:18 25600 --a------ C:\WINDOWS\system32\opnnklIB.dll
2008-06-19 14:50:07 25600 --a------ C:\WINDOWS\system32\hgGxVNhF.dll
2008-06-19 14:48:39 25600 --a------ C:\WINDOWS\system32\nnnkKDuS.dll
2008-06-19 14:48:29 25600 --a------ C:\WINDOWS\system32\efcddBrp.dll
2008-06-19 14:48:16 25600 --a------ C:\WINDOWS\system32\iifgDuuR.dll
2008-06-19 14:47:19 25600 --a------ C:\WINDOWS\system32\byXRjheB.dll
2008-06-19 14:47:02 25600 --a------ C:\WINDOWS\system32\ljJBRKdA.dll
2008-06-19 14:44:14 25600 --a------ C:\WINDOWS\system32\vtUoliHy.dll
2008-06-16 11:55:00 0 d-------- C:\Documents and Settings\Luke\Application Data\SPORE Creature Creator
2008-06-15 23:45:13 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-15 19:03:08 0 d-------- C:\Documents and Settings\Luke\Application Data\Ludia
2008-06-15 19:03:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-15 18:59:30 0 d-------- C:\Program Files\Jumpin Jack
2008-06-15 18:39:50 0 d-------- C:\Program Files\The Secret of Margrave Manor
2008-06-15 18:34:52 0 d-------- C:\Program Files\Discovery - A Seek and Find Adventure
2008-06-15 16:29:00 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-15 16:28:51 0 d-------- C:\Documents and Settings\Luke\Application Data\SystemRequirementsLab
2008-06-13 09:52:26 0 d-------- C:\Program Files\ASC Games
2008-06-11 01:02:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-06-02 23:29:41 0 d-------- C:\Program Files\Sun
2008-06-02 22:39:58 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-02 22:39:58 4630 --a------ C:\WINDOWS\unins000.dat
2008-05-29 20:51:22 0 d-------- C:\Program Files\Jollygood Games


-- Find3M Report ---------------------------------------------------------------

2008-06-24 00:33:54 0 d-------- C:\Program Files\PeerGuardian2
2008-06-24 00:22:26 0 d-------- C:\Documents and Settings\Luke\Application Data\Azureus
2008-06-23 20:45:37 0 d-------- C:\Program Files\Common Files
2008-06-23 00:03:00 0 d-------- C:\Program Files\RegistryFix
2008-06-19 13:17:56 0 d-------- C:\Program Files\Azureus
2008-06-16 11:52:45 0 d-------- C:\Program Files\Electronic Arts
2008-06-16 11:52:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 17:04:28 0 d-------- C:\Program Files\XoftSpySE
2008-06-07 15:30:37 0 d-------- C:\Documents and Settings\Luke\Application Data\Lionhead Studios
2008-06-06 00:35:02 0 d-------- C:\Documents and Settings\Luke\Application Data\Adobe
2008-06-04 17:06:04 0 d-------- C:\Program Files\Apple Software Update
2008-06-03 11:40:22 3459 --a------ C:\WINDOWS\eReg.dat
2008-06-02 23:28:45 0 d-------- C:\Program Files\Java
2008-06-01 12:39:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-29 20:51:29 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-22 16:30:25 0 d-------- C:\Program Files\MSECache
2008-05-20 21:33:52 0 d-------- C:\Program Files\Hide and Secret 2 - Cliffhanger Castle
2008-05-19 20:04:08 0 d-------- C:\Program Files\D-Tools
2008-05-19 20:02:04 0 d-------- C:\Program Files\PowerISO
2008-05-18 21:52:36 0 d-------- C:\Program Files\Diablo II
2008-05-18 21:52:15 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-05-18 21:52:15 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-05-18 21:52:15 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-09 15:47:21 0 d-------- C:\Documents and Settings\Luke\Application Data\StoneLoopsBF
2008-05-09 14:03:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-09 13:22:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-07 18:43:05 0 d-------- C:\Documents and Settings\Luke\Application Data\AdobeUM
2008-05-06 19:32:33 0 d-------- C:\Program Files\PC-TV
2008-05-05 21:08:14 0 --a------ C:\Program Files\temp01
2008-05-05 21:08:11 0 d-------- C:\Program Files\bfgclient
2008-05-02 19:39:33 0 d-------- C:\Program Files\Bonjour
2008-05-02 19:35:15 0 d-------- C:\Program Files\Image-Line
2008-05-02 19:35:13 0 d-------- C:\Program Files\ASIO4ALL v2
2008-05-02 19:34:52 0 d-------- C:\Program Files\VstPlugins
2008-05-02 19:32:38 0 d-------- C:\Program Files\Outsim
2008-04-30 21:21:34 0 d-------- C:\Program Files\iTunes
2008-04-30 21:21:04 0 d-------- C:\Program Files\iPod
2008-04-30 21:12:12 0 d-------- C:\Program Files\QuickTime
2008-04-30 20:52:11 0 d-------- C:\Program Files\Common Files\Apple
2008-04-29 20:55:05 0 d-------- C:\Program Files\Mystery Case Files - Ravenhearst
2008-04-24 17:56:11 34206 --a------ C:\WINDOWS\DIIUnin.dat
2008-04-24 17:48:53 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-04-24 17:48:53 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-04-14 21:54:18 10 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-24 00:34:50 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.70GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 767.23 MiB / 272.59 MiB
Pagefile Memory (total/avail): 3874.65 MiB / 3372.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.89 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.3 GiB total, 7.56 GiB free.
D: is Fixed (NTFS) - 76.33 GiB total, 8 GiB free.
E: is CDROM (UDF)
F: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - Maxtor 6Y080P0 - 76.33 GiB - 1 partition
\PARTITION0 - Installable File System - 76.33 GiB - D:

\\.\PHYSICALDRIVE0 - SAMSUNG SV0411N - 37.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.3 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1043 [VPS 080512-0] v4.7.1043 (ALWIL Software) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"="C:\\Program Files\\ASUS\\AsusUpdate\\Update.exe:*:Enabled:ASUS Update"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus Vuze"
"C:\\Program Files\\Funcom\\Anarchy Online\\Client.exe"="C:\\Program Files\\Funcom\\Anarchy Online\\Client.exe:*:Enabled:Client"
"D:\\Program Files\\Valve\\Steam\\Steam.exe"="D:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - Heritage of Kings\\bin\\SettlersHoK.exe"="C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - Heritage of Kings\\bin\\SettlersHoK.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - Heritage of Kings\\extra2\\bin\\SettlersHoK.exe"="C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - Heritage of Kings\\extra2\\bin\\SettlersHoK.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\\Program Files\\Diablo II\\Game.exe"="C:\\Program Files\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\America's Army\\System\\AALoader.exe"="D:\\Program Files\\America's Army\\System\\AALoader.exe:*:Enabled:America's Army"
"D:\\Program Files\\America's Army\\System\\pb\\PnkBstrB.exe"="D:\\Program Files\\America's Army\\System\\pb\\PnkBstrB.exe:*:Enabled:PnkBstrB"


-- Environment Variables -------------------------------------------------------



-- User Profiles ---------------------------------------------------------------

Luke (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type225 / Error
Event Submitted/Written: 06/23/2008 07:00:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application teatimer.exe, version 1.5.2.16, faulting module teatimer.exe, version 1.5.2.16, fault address 0x000042b2.
Processing media-specific event for [teatimer.exe!ws!]

Event Record #/Type193 / Error
Event Submitted/Written: 06/21/2008 06:36:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application oblivion.exe, version 1.2.0.416, faulting module oblivion.exe, version 1.2.0.416, fault address 0x001e8159.
Processing media-specific event for [oblivion.exe!ws!]

Event Record #/Type163 / Error
Event Submitted/Written: 06/15/2008 05:47:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application overclk.exe, version 0.0.0.0, faulting module overclk.exe, version 0.0.0.0, fault address 0x0009d928.
Processing media-specific event for [overclk.exe!ws!]

Event Record #/Type151 / Error
Event Submitted/Written: 06/14/2008 00:06:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application overclk.exe, version 0.0.0.0, faulting module overclk.exe, version 0.0.0.0, fault address 0x0009d928.
Processing media-specific event for [overclk.exe!ws!]

Event Record #/Type144 / Error
Event Submitted/Written: 06/12/2008 09:58:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application oblivion.exe, version 1.2.0.416, faulting module oblivion.exe, version 1.2.0.416, fault address 0x0033a5e8.
Processing media-specific event for [oblivion.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type144027 / Warning
Event Submitted/Written: 06/23/2008 11:30:18 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type144020 / Error
Event Submitted/Written: 06/23/2008 09:58:49 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type144019 / Error
Event Submitted/Written: 06/23/2008 09:58:35 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type144018 / Error
Event Submitted/Written: 06/23/2008 09:55:35 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type144017 / Error
Event Submitted/Written: 06/23/2008 09:52:33 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2008-06-24 00:34:50 ------------

Thanks in advance.


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 28 June 2008 - 03:59 AM

Hello Pandasnake_condor, my name is fenzodahl512 and welcome to BC...

Since it's already five days after your last log, please post a fresh Deckard's System Scanner log for further review...


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 28 June 2008 - 04:00 AM

Hello Pandasnake_condor, my name is fenzodahl512 and welcome to BC...

Since it's already five days after your last log, please post a fresh Deckard's System Scanner log for further review...


Regards
fenzodahl512



#4 fenzodahl512

  • Members
  • 6,738 posts

Posted 06 July 2008 - 04:42 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.





