
Unknown Infection -- System Shutdown Popup..


This topic is locked
2 replies to this topic

#1 nobita

  • Members
  • 1 posts

Posted 23 July 2008 - 06:38 AM

At the beginning, when I used the "Run" application, this system shutdown popup appeared with a countdown of 50 minutes, and when it reached 0 the computer restarted. But for the past few days the popup has appeared every now and then. Also my computer is too slow. Could you please help? Below is the log.





Deckard's System Scanner v20071014.68
Run by Root on 2008-07-23 17:06:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-07-23 11:21:44 UTC - RP109 - Deckard's System Scanner Restore Point
35: 2008-07-23 09:10:26 UTC - RP108 - System Checkpoint
34: 2008-07-22 08:25:28 UTC - RP107 - System Checkpoint
33: 2008-07-20 08:30:23 UTC - RP106 - System Checkpoint
32: 2008-07-19 05:27:03 UTC - RP105 - Installed Windows XP WgaNotify.


-- First Restore Point --
1: 2008-05-23 07:45:16 UTC - RP74 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 17:08:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
D:\XAMP\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\XAMP\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
D:\XAMP\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Messenger\OutlookMessenger.exe
C:\Documents and Settings\Root\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,iph.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{107AB58D-6A62-4655-A9A9-54BE7BC7CB89}: NameServer = 192.168.2.1,202.79.65.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - D:\XAMP\xampp\apache\bin\apache.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - D:\XAMP\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


--
End of file - 7473 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\root\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2.2 - "d:\xamp\xampp\apache\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 mysql - d:\xamp\xampp\mysql\bin\mysqld-nt.exe --defaults-file=d:\xamp\xampp\mysql\bin\my.cnf mysql

S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 14:18:11 0 d-------- C:\Documents and Settings\Root\Application Data\Malwarebytes
2008-07-23 14:18:08 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 14:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 13:57:16 0 d-------- C:\WINDOWS\ERUNT
2008-07-23 13:54:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-18 17:31:46 53248 --a------ C:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-07-18 17:31:46 495616 --a------ C:\WINDOWS\system32\Scanner.dll <Not Verified; Dmitry Streblechenko; Outlook Redemption>
2008-07-18 17:31:46 24576 --a------ C:\WINDOWS\system32\CompressZItLib6.dll <Not Verified; vbAccelerator; Compress-Z-It Library - ZLib compression and decompression from VB>
2008-07-18 17:31:44 0 d-------- C:\Program Files\Outlook Messenger
2008-07-04 12:02:36 0 d-------- C:\WINDOWS\Sun
2008-06-26 17:13:43 0 d-------- C:\Documents and Settings\Root\Application Data\CoreFTP
2008-06-26 17:12:10 0 d-------- C:\Program Files\CoreFTP
2008-06-26 16:21:54 30 -rahs---- C:\WINDOWS\system.bat
2008-06-25 15:59:11 0 d-------- C:\Program Files\MultipleIEs
2008-06-25 13:22:48 0 d-------- C:\Program Files\Java
2008-06-25 13:22:34 0 d-------- C:\Program Files\Common Files\Java
2008-06-25 13:21:54 0 d-------- C:\Documents and Settings\Root\Application Data\Sun
2008-06-24 17:42:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-23 16:28:38 0 d-------- C:\Program Files\Yahoo! Games


-- Find3M Report ---------------------------------------------------------------

2008-07-23 15:34:13 0 d-------- C:\Documents and Settings\Root\Application Data\Adobe
2008-07-16 10:13:48 0 d-------- C:\Documents and Settings\Root\Application Data\Free Download Manager
2008-07-11 15:38:24 0 d-------- C:\Program Files\Messenger
2008-06-25 13:22:34 0 d-------- C:\Program Files\Common Files
2008-06-20 11:07:14 0 d-------- C:\Documents and Settings\Root\Application Data\Mozilla
2008-06-15 16:12:59 0 d-------- C:\Documents and Settings\Root\Application Data\Kingston
2008-06-06 16:14:12 0 d-------- C:\Program Files\FileZilla
2008-05-25 15:12:36 0 d-------- C:\Documents and Settings\Root\Application Data\Media Player Classic
2008-05-25 13:13:45 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-25 13:13:40 0 d-------- C:\Program Files\Media Player Classic
2008-05-23 18:38:30 0 d-------- C:\Documents and Settings\Root\Application Data\MPEG Streamclip
2008-05-23 14:14:58 0 d-------- C:\Program Files\Notepad++
2008-05-23 14:14:58 0 d-------- C:\Documents and Settings\Root\Application Data\Notepad++
2008-05-23 14:13:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 14:02:18 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-23 14:01:34 0 d-------- C:\Program Files\Video Joiner
2008-05-23 12:42:28 0 d-------- C:\Documents and Settings\Root\Application Data\dvdcss
2008-05-23 12:23:57 0 d-------- C:\Documents and Settings\Root\Application Data\Pavtube
2008-05-23 12:23:47 0 d-------- C:\Program Files\Pavtube
2008-05-23 11:22:41 0 d-------- C:\Program Files\VideoCharge Software
2008-05-23 11:14:29 0 d-------- C:\Documents and Settings\Root\Application Data\AVSMedia
2008-05-12 12:54:09 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-08 15:26:49 1028 --a------ C:\Documents and Settings\Root\Application Data\AVIEncoder.wff
2008-05-04 17:13:19 969 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\A system shutdown is in progress.]
A system shutdown is in progress.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_CLASSES_ROOT\CLSID\A system shutdown is in progress.]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]
"ITBarLayout"= A system shutdown is in progress. [ ]
"ITBar7Layout"= A system shutdown is in progress. [ ]

[-HKEY_CLASSES_ROOT\CLSID\A system shutdown is in progress.]

[-HKEY_CLASSES_ROOT\CLSID\ITBarLayout]

[-HKEY_CLASSES_ROOT\CLSID\ITBar7Layout]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/04/2008 10:12 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:41 AM]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [02/24/2006 06:17 AM]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [01/02/2006 04:12 AM]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [02/24/2006 08:36 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"A system shutdown is in progress."= - A system shutdown is in progress. [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,iph.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TurboNote.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TurboNote.lnk
backup=C:\WINDOWS\pss\TurboNote.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Root^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Root\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Root^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Root\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alt+Q Hotkey Tool]
C:\WINDOWS\Alt+Q Hotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
C:\WINDOWS\Twain_32\4100\HotKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutlookMessenger]
"C:\Program Files\Outlook Messenger\OutlookMessenger.exe" /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RK Launcher]
C:\Program Files\RK Launcher\RKLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Files Updater]
C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\DataTraveler101R.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ce5c1d-f1ad-11dc-a896-0019217bab56}]
AutoRun\command- F:\kinza.exe
explore\Command- F:\kinza.exe
open\Command- F:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a595c60-1d84-11dd-a8d4-0019217bab56}]
AutoRun\command- wscript.exe VirusRemoval.vbs
open\Command- wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c558bba-f581-11dc-a89e-0019217bab56}]
AutoRun\command- F:\isetup.exe
explore\Command- F:\isetup.exe
open\Command- F:\isetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78de6f54-3788-11dd-a8f3-0019217bab56}]
AutoRun\command- isetup.exe
explore\Command- isetup.exe
open\Command- isetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9999e3e3-1445-11dd-a8c2-0019217bab56}]
auto\command- F:\_recycled[010].com -h
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _recycled[010].com -h

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef272da2-f40f-11dc-a89a-0019217bab56}]
AutoRun\command- isetup.exe
explore\Command- isetup.exe
open\Command- isetup.exe




-- End of Deckard's System Scanner: finished at 2008-07-23 17:08:55 ------------


THANKS IN ADVANCE...

#2 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 07 August 2008 - 01:28 PM

Hi and welcome,

Sorry for delay. We have been backlogged.
If you still need help please do the following:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site



Click Start> run> type:
"%userprofile%\desktop\dss.exe" /config
Hit OK> OK
Click "check all"
Hit "scan"
Post contents of both logs please.

Please don't use your USB jump drives on any other machines... one or more of your jump drives are likely also infected and if you use them on another machine you will spread the infection.

Thanks :thumbsup:

Edited by Blender, 08 August 2008 - 12:59 PM: add info

I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware.
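The two findings in the posted log that a responder would act on first are the Winlogon `Userinit` value (`userinit.exe,iph.exe` in both the F2 line and the registry dump: anything appended after the stock `userinit.exe` is launched at every interactive logon) and the cached `MountPoints2` autorun commands, which record what the `autorun.inf` on each USB stick told Explorer to run and are why the reply above warns against plugging those drives into other machines. The script below is an added example written for this thread, not part of DSS, HijackThis or anything the poster or responder ran: it re-reads a constructed excerpt copied from the log above and flags those two findings, using heuristics (script hosts, `rundll32 ShellExec_RunDLL` indirection, drive-relative names, `.com`/`.vbs`-style payload extensions) that are my own choices rather than rules from the tool.

```python
"""Triage checks over a DSS / HijackThis-style log excerpt.

Added example for this thread, not part of DSS or HijackThis: it re-reads the
text of the posted log and flags the two findings a responder would act on
first (extra Userinit executables, and USB MountPoints2 autorun commands).
"""
from __future__ import annotations

import re
from os.path import basename

# Constructed excerpt: lines copied from the log posted above, reduced to the
# entries these checks look at.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,iph.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\A system shutdown is in progress.]
"A system shutdown is in progress."= A system shutdown is in progress. [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,iph.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\DataTraveler101R.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a595c60-1d84-11dd-a8d4-0019217bab56}]
AutoRun\command- wscript.exe VirusRemoval.vbs
open\Command- wscript.exe VirusRemoval.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9999e3e3-1445-11dd-a8c2-0019217bab56}]
auto\command- F:\_recycled[010].com -h
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL _recycled[010].com -h
"""

SHUTDOWN_MSG = "A system shutdown is in progress."
# Userinit appears twice in a DSS log: the HijackThis-style F2 line and the registry dump.
USERINIT_RES = (
    re.compile(r"^F2 - REG:system\.ini: UserInit=(.+)$", re.I),
    re.compile(r'^"Userinit"="(.+)"$', re.I),
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VERB_RE = re.compile(r"^(auto|autorun|open|explore)\\command-\s*(.+)$", re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
ODD_EXT_RE = re.compile(r"\.(com|bat|vbs|scr|pif)\b", re.I)


def userinit_extras(log: str) -> list[str]:
    """Executables listed in Winlogon Userinit besides the stock userinit.exe."""
    extras = set()
    for line in log.splitlines():
        for pat in USERINIT_RES:
            m = pat.match(line.strip())
            if not m:
                continue
            for item in m.group(1).split(","):
                # Compare on the file name so a full C:\WINDOWS\system32\userinit.exe is still "stock".
                name = basename(item.strip().replace("\\", "/")).lower()
                if name and name != "userinit.exe":
                    extras.add(name)
    return sorted(extras)


def mountpoint_autoruns(log: str) -> list[dict]:
    """Every AutoRun/open/explore command cached under MountPoints2, with reasons it looks hostile."""
    found, key = [], ""
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)  # remember which registry key the following value lines belong to
            continue
        vm = VERB_RE.match(line)
        if not vm or "mountpoints2" not in key.lower():
            continue
        verb, cmd = vm.group(1), vm.group(2).strip()
        tokens = cmd.split()
        reasons = []
        if basename(tokens[0].replace("\\", "/")).lower() in SCRIPT_HOSTS:
            reasons.append("script host launches a .vbs/.js from the drive")
        if "rundll32" in cmd.lower() and "shellexec_rundll" in cmd.lower():
            reasons.append("rundll32 ShellExec_RunDLL indirection hides the real target")
        if not any(":\\" in t for t in tokens if not t.startswith("-")):
            reasons.append("no absolute path (autorun.inf-style relative name)")
        ext = ODD_EXT_RE.search(cmd)
        if ext:
            reasons.append(f"payload uses a .{ext.group(1).lower()} extension")
        found.append({"key": key.rsplit("\\", 1)[-1], "verb": verb, "command": cmd, "reasons": reasons})
    return found


def shutdown_artifacts(log: str) -> int:
    """Count lines where the Windows 'shutdown in progress' error text was written in place of data."""
    return sum(1 for line in log.splitlines() if SHUTDOWN_MSG in line)


if __name__ == "__main__":
    print("Userinit extras:", userinit_extras(SAMPLE_LOG))
    for hit in mountpoint_autoruns(SAMPLE_LOG):
        flag = "SUSPECT" if hit["reasons"] else "ok     "
        print(f"{flag} {hit['key']:<40} {hit['verb']:<8} {hit['command']}")
        for r in hit["reasons"]:
            print("        -", r)
    print("lines contaminated by shutdown error text:", shutdown_artifacts(SAMPLE_LOG))
```

On this excerpt the script reports `iph.exe` as the only non-stock Userinit entry and flags four of the five cached autorun commands; the vendor-looking `F:\DataTraveler101R.exe` is listed but not flagged, which is the right place for a human to decide. The `shutdown_artifacts` count is a caveat about the log itself: "A system shutdown is in progress." is the text of a Windows error message, not a registry value, so the BHO, toolbar and shell-object sections of the dump were most likely overwritten because the scanner ran while the same forced shutdown the poster describes was pending, and should be re-collected before anything in them is acted on.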

#3 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 14 August 2008 - 03:46 PM

Hello,

Due to lack of feedback this topic is now closed.
If you still need help please PM a member of the Moderating team with a link to your thread.

All others please begin new topic.

Thanks,

Blender