Malware Infecting Whole Computer


This topic is locked
4 replies to this topic

#1 nagabeanz


Posted 05 August 2008 - 09:18 PM

When I got the virus, my desktop turned red with what looked like a biohazard symbol on it. Under the symbol were the words "your privacy is in danger download protection software now"; about three "suggested" antiviruses were placed on my screen. Anywhere I click, it will start some sort of download. I clicked on "Start" and there is nothing there to click on, it all has been removed; however, if I right-clicked on Start I was still able to see my info and files. It also did something to my wifi drivers, for I am unable to even see my device; I have to get onto the internet using an ethernet cable. I really have no idea what this is, or even where to start to get rid of it. Please HELP! Following are my two logs.
Main:

Deckard's System Scanner v20071014.68
Run by DCAE on 2008-08-05 20:59:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-08-06 01:59:37 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-08-06 01:28:22 UTC - RP20 - Installed Linksys Wireless-G PCI Network Adapter with SpeedBoost
19: 2008-08-06 01:28:22 UTC - RP19 - Installed Driver Detective
18: 2008-08-06 01:28:21 UTC - RP18 - Software Distribution Service 3.0
17: 2008-08-06 01:28:21 UTC - RP17 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-08-06 01:28:19 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-05 21:00:49
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\DCAE\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {099AC52C-1CD4-434C-9CC6-FF56DABB5010} - C:\WINDOWS\system32\ddcApoLD.dll
O2 - BHO: (no name) - {2211D0BA-D2F2-4BA3-81F5-B320DEA46314} - C:\WINDOWS\system32\wvUKDTLD.dll
O2 - BHO: QXK Olive - {36C52D2F-5D45-49DC-810E-2EAA0E1925A2} - C:\WINDOWS\wnlmdakqpbv.dll
O2 - BHO: {1fc2a3ca-245c-125b-0114-c9aa75225afb} - {bfa52257-aa9c-4110-b521-c542ac3a2cf1} - C:\WINDOWS\system32\cinwqk.dll
O3 - Toolbar: bgrqfetx - {04B2B073-361D-420E-B5A5-78C4B926E39A} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [644251ff] rundll32.exe "C:\WINDOWS\system32\paukuktr.dll",b
O4 - HKLM\..\Run: [BM67716263] Rundll32.exe "C:\WINDOWS\system32\ktxtjfei.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217974385937
O20 - Winlogon Notify: ddcApoLD - C:\WINDOWS\system32\ddcApoLD.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll
O21 - SSODL: tfnslopk - {CF7C0279-4C4D-41B6-85BE-47856A609B64} - C:\WINDOWS\tfnslopk.dll
O21 - SSODL: xokvrpwg - {5637A68C-70B1-4B42-8A7D-132928D1FA05} - C:\WINDOWS\xokvrpwg.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4350 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Winsx67 - c:\windows\system32\drivers\winsx67.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 MSICPL - e:\install4\msicpl.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_B8341462&REV_00\4&BC67B8D&0&08F0
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_B8341462&REV_00\4&BC67B8D&0&08F0
Service:


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 20:39:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-08-05 20:31:09 81408 --a------ C:\WINDOWS\system32\paukuktr.dll
2008-08-05 20:29:01 96768 --a------ C:\WINDOWS\system32\cinwqk.dll
2008-08-05 20:29:00 96768 --a------ C:\WINDOWS\system32\bcsulrkf.dll
2008-08-05 20:28:54 90112 --a------ C:\WINDOWS\system32\ktxtjfei.dll
2008-08-05 20:28:09 1808 --ahs---- C:\WINDOWS\system32\DLTDKUvw.ini2
2008-08-05 20:28:03 246272 --a------ C:\WINDOWS\system32\wvUKDTLD.dll
2008-08-05 20:21:59 0 d-------- C:\WINDOWS\CSC
2008-08-05 20:15:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-05 20:15:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-05 20:15:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-05 20:15:33 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-08-05 20:15:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-05 20:15:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-05 20:15:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-08-05 20:15:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-05 20:15:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-08-05 20:15:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-05 20:15:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-08-05 20:15:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-05 20:15:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-05 20:15:32 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-05 20:13:06 34176 --a------ C:\WINDOWS\system32\tuvSihIB.dll
2008-08-05 20:13:06 34176 --a------ C:\WINDOWS\system32\cbXrQkhF.dll
2008-08-05 20:10:30 16896 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-08-05 20:10:24 34176 --a------ C:\WINDOWS\system32\pmnoNFVN.dll
2008-08-05 20:10:24 34176 --a------ C:\WINDOWS\system32\efcdCsQH.dll
2008-08-05 20:09:54 0 d-------- C:\WINDOWS\privacy_danger
2008-08-05 20:09:53 0 d-------- C:\Documents and Settings\DCAE\Application Data\TmpRecentIcons
2008-08-05 20:08:56 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-05 20:08:56 405504 --a------ C:\WINDOWS\wnlmdakqpbv.dll
2008-08-05 20:08:56 200704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-05 20:08:56 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-05 20:08:56 139264 --a------ C:\WINDOWS\evoq.exe
2008-08-05 20:08:56 192512 --a------ C:\WINDOWS\bgrqfetx.dll
2008-08-05 20:08:37 36864 --a------ C:\WINDOWS\system32\yayywWmn.dll
2008-08-05 20:08:36 36864 --a------ C:\WINDOWS\system32\ssqOhEUL.dll
2008-08-05 20:08:08 36864 --a------ C:\WINDOWS\system32\vtUkjHwV.dll
2008-08-05 20:08:08 36864 --a------ C:\WINDOWS\system32\ddcApoLD.dll
2008-08-05 20:08:02 0 d-------- C:\Documents and Settings\DCAE\Application Data\WinRAR
2008-08-05 20:01:51 0 d-------- C:\Program Files\uTorrent
2008-08-05 20:01:45 0 d-------- C:\Documents and Settings\DCAE\Application Data\uTorrent
2008-08-05 19:56:43 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-08-05 19:56:41 1396831 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-08-05 19:56:40 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-08-05 19:56:40 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-08-05 19:56:38 0 d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2008-08-05 19:41:12 0 d-------- C:\Program Files\PC Drivers HeadQuarters
2008-08-05 19:41:12 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-08-05 19:31:08 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-08-05 19:30:40 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-05 19:26:22 0 d-------- C:\WINDOWS\nview
2008-08-05 19:25:50 131072 -ra------ C:\WINDOWS\system32\smdll.dll <Not Verified; ; SMdll Dynamic Link Library>
2008-08-05 19:25:50 130048 -ra------ C:\WINDOWS\system32\MadCHook.dll <Not Verified; www.madshi.net; madCHook>
2008-08-05 19:25:48 266240 -ra------ C:\WINDOWS\system32\HookShield.dll
2008-08-05 19:25:48 262144 -ra------ C:\WINDOWS\system32\HookMAp.dll
2008-08-05 19:25:48 32768 -ra------ C:\WINDOWS\system32\Auxiliary.dll
2008-08-05 19:25:47 208896 -ra------ C:\WINDOWS\system32\WinSys2.exe <Not Verified; ; DOT Application>
2008-08-05 19:25:47 200704 -ra------ C:\WINDOWS\system32\WinSys.exe <Not Verified; ; DOT Application>
2008-08-05 19:25:47 9728 -ra------ C:\WINDOWS\system32\sysinfoX64.sys
2008-08-05 19:25:47 8192 -ra------ C:\WINDOWS\system32\sysinfo.sys
2008-08-05 19:25:47 114688 -ra------ C:\WINDOWS\system32\sysinfo.dll <Not Verified; Crystal Dew World; SysInfo>
2008-08-05 19:25:47 69632 -ra------ C:\WINDOWS\system32\sw24.exe
2008-08-05 19:25:47 208896 -ra------ C:\WINDOWS\system32\sw20.exe <Not Verified; ; sw20 Application>
2008-08-05 19:25:46 1748992 -ra------ C:\WINDOWS\system32\msicpl.dll <Not Verified; MSI; MSI MsiCpl>
2008-08-05 18:52:03 0 d-------- C:\WINDOWS\Prefetch
2008-08-05 18:45:58 0 d-------- C:\WINDOWS\system32\scripting
2008-08-05 18:45:57 0 d-------- C:\WINDOWS\system32\en
2008-08-05 18:45:57 0 d-------- C:\WINDOWS\l2schemas
2008-08-05 18:43:18 0 d-------- C:\WINDOWS\network diagnostic
2008-08-05 18:23:05 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-08-05 18:17:09 0 d-------- C:\WINDOWS\provisioning
2008-08-05 18:17:09 0 d-------- C:\WINDOWS\peernet
2008-08-05 18:16:25 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-05 18:14:33 0 d-------- C:\WINDOWS\EHome
2008-08-05 18:00:55 0 d-------- C:\Documents and Settings\DCAE\Application Data\Macromedia
2008-08-05 18:00:53 0 d--hs---- C:\WINDOWS\ftpcache
2008-08-05 17:16:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-05 17:14:36 0 d-------- C:\WINDOWS\system32\PreInstall
2008-08-05 17:14:35 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-05 17:14:21 0 d-------- C:\WINDOWS\system32\bits
2008-08-05 16:50:59 0 d-------- C:\Program Files\7-Zip
2008-08-05 07:15:08 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-08-05 07:13:30 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-08-05 07:01:25 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-08-05 06:53:38 0 d-------- C:\WINDOWS\RegisteredPackages
2008-08-05 06:50:08 0 d-------- C:\WUTemp
2008-08-05 06:49:24 0 d--hs---- C:\Documents and Settings\DCAE\UserData
2008-08-05 06:41:52 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-08-05 06:41:52 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-08-05 06:36:07 0 d-------- C:\WINDOWS\OPTIONS
2008-08-05 06:36:03 0 d-------- C:\Documents and Settings\DCAE\Application Data\InstallShield
2008-08-05 06:35:50 0 d-------- C:\WINDOWS\system32\Lang
2008-08-05 06:34:43 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-08-05 06:34:24 0 d-------- C:\WINDOWS\system32\RTCOM
2008-08-05 06:33:53 0 d-------- C:\Program Files\Realtek
2008-08-05 06:33:51 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-08-05 06:33:51 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-08-05 06:33:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-05 06:33:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-08-05 06:32:28 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-08-05 06:32:12 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-08-05 06:32:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-08-05 06:32:11 53248 --a------ C:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-08-05 06:32:11 0 d-------- C:\Program Files\Intel
2008-08-05 06:32:08 0 d-------- C:\Intel
2008-08-05 06:29:04 0 d--hs---- C:\WINDOWS\Installer
2008-08-05 06:29:02 0 d-------- C:\Documents and Settings\DCAE\Application Data\Identities
2008-08-05 06:28:52 0 d--h----- C:\Documents and Settings\DCAE\Templates
2008-08-05 06:28:52 0 dr------- C:\Documents and Settings\DCAE\Start Menu
2008-08-05 06:28:52 0 dr-h----- C:\Documents and Settings\DCAE\SendTo
2008-08-05 06:28:52 0 dr-h----- C:\Documents and Settings\DCAE\Recent
2008-08-05 06:28:52 0 d--h----- C:\Documents and Settings\DCAE\PrintHood
2008-08-05 06:28:52 1310720 --ah----- C:\Documents and Settings\DCAE\NTUSER.DAT
2008-08-05 06:28:52 0 d--h----- C:\Documents and Settings\DCAE\NetHood
2008-08-05 06:28:52 0 dr------- C:\Documents and Settings\DCAE\My Documents
2008-08-05 06:28:52 0 d--h----- C:\Documents and Settings\DCAE\Local Settings
2008-08-05 06:28:52 0 dr------- C:\Documents and Settings\DCAE\Favorites
2008-08-05 06:28:52 0 d-------- C:\Documents and Settings\DCAE\Desktop
2008-08-05 06:28:52 0 d--hs---- C:\Documents and Settings\DCAE\Cookies
2008-08-05 06:28:52 0 dr-h----- C:\Documents and Settings\DCAE\Application Data
2008-08-05 06:28:21 0 d--hs---- C:\System Volume Information
2008-08-05 06:28:21 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-08-05 06:28:21 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-08-05 06:28:21 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-08-05 06:28:21 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-08-05 06:28:21 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-08-05 06:28:20 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-08-05 06:28:20 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-08-05 06:28:20 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-08-05 06:28:20 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-08-05 06:28:20 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-08-05 06:25:57 0 d-------- C:\WINDOWS\system32\xircom
2008-08-05 06:25:57 0 d-------- C:\Program Files\microsoft frontpage
2008-08-05 06:25:51 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-08-05 06:25:45 0 -rahs---- C:\MSDOS.SYS
2008-08-05 06:25:45 0 -rahs---- C:\IO.SYS
2008-08-05 06:25:45 0 --a------ C:\CONFIG.SYS
2008-08-05 06:25:45 0 --a------ C:\AUTOEXEC.BAT
2008-08-05 06:25:19 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-08-05 06:25:15 0 dr------- C:\WINDOWS\Offline Web Pages
2008-08-05 06:25:15 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-08-05 06:25:00 0 d-------- C:\WINDOWS\system32\DirectX
2008-08-05 06:24:29 0 d---s---- C:\WINDOWS\Tasks
2008-08-05 06:24:26 0 d-------- C:\Program Files\Common Files\MSSoap
2008-08-05 06:24:23 0 d-------- C:\WINDOWS\system32\Macromed
2008-08-05 06:24:23 0 d-------- C:\WINDOWS\srchasst
2008-08-05 06:24:21 0 d-------- C:\Program Files\Movie Maker
2008-08-05 06:24:18 0 d-------- C:\WINDOWS\system32\Restore
2008-08-05 06:24:18 0 d-------- C:\WINDOWS\PCHealth
2008-08-05 06:23:59 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-08-05 06:23:56 0 d-------- C:\WINDOWS\Registration
2008-08-05 06:23:55 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-05 06:23:55 0 d-------- C:\Program Files\Online Services
2008-08-05 06:23:53 0 d-------- C:\Program Files\Messenger
2008-08-05 06:23:49 0 d-------- C:\Program Files\MSN Gaming Zone
2008-08-05 06:23:37 31616 --a------ C:\WINDOWS\system32\drivers\Winsx67.sys
2008-08-05 06:23:23 0 d-------- C:\Program Files\Windows NT
2008-08-05 06:23:21 0 d-------- C:\WINDOWS\system32\MsDtc
2008-08-05 06:23:20 0 d-------- C:\WINDOWS\system32\Com
2008-08-04 18:36:36 0 d-------- C:\Program Files\Common Files\ODBC
2008-08-04 18:36:34 0 dr------- C:\Program Files
2008-08-04 18:36:34 0 d-------- C:\Program Files\Common Files
2008-08-04 18:36:34 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-08-04 18:36:20 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-08-04 18:36:20 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-08-04 18:36:20 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-08-04 18:36:20 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-08-04 18:36:20 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-08-04 18:36:20 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-08-04 18:36:20 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-08-04 18:36:20 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-08-04 18:36:20 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-08-04 18:36:20 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-08-04 18:36:20 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-08-04 18:36:20 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-08-04 18:36:20 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-08-04 18:36:20 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-08-04 18:36:20 0 dr------- C:\Documents and Settings\All Users\Documents
2008-08-04 18:36:20 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-08-04 18:35:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-08-04 18:35:43 0 d-------- C:\WINDOWS\system32\CatRoot
2008-08-04 18:35:38 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-08-04 18:35:38 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-08-04 18:35:38 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-08-04 18:35:38 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-04 18:35:27 0 d-------- C:\Documents and Settings
2008-08-04 18:31:50 0 d-------- C:\WINDOWS
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\WinSxS
2008-08-04 18:31:50 0 dr------- C:\WINDOWS\Web
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\twain_32
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\wins
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\wbem
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\usmt
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\spool
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\ShellExt
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\Setup
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\ras
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\oobe
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\npp
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\mui
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\inetsrv
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\IME
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\icsxml
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\ias
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\export
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\drivers
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-08-04 18:31:50 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\dhcp
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\config
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\3076
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\2052
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1054
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1042
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1041
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1037
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1033
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1031
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1028
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system32\1025
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\system
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\security
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Resources
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\repair
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\mui
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\msapps
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\msagent
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Media
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\java
2008-08-04 18:31:50 0 d--h----- C:\WINDOWS\inf
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\ime
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Help
2008-08-04 18:31:50 0 dr--s---- C:\WINDOWS\Fonts
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Driver Cache
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Debug
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Cursors
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Connection Wizard
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\Config
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\AppPatch
2008-08-04 18:31:50 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-08-04 18:36:20 62 --ahs---- C:\Documents and Settings\DCAE\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{099AC52C-1CD4-434C-9CC6-FF56DABB5010}]
08/05/2008 20:08: VIRUS ALERT! 36864 --a------ C:\WINDOWS\system32\ddcApoLD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2211D0BA-D2F2-4BA3-81F5-B320DEA46314}]
08/05/2008 20:28: VIRUS ALERT! 246272 --a------ C:\WINDOWS\system32\wvUKDTLD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36C52D2F-5D45-49DC-810E-2EAA0E1925A2}]
08/05/2008 17:32: VIRUS ALERT! 405504 --a------ C:\WINDOWS\wnlmdakqpbv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfa52257-aa9c-4110-b521-c542ac3a2cf1}]
08/05/2008 20:29: VIRUS ALERT! 96768 --a------ C:\WINDOWS\system32\cinwqk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [07/05/2007 03:08: VIRUS ALERT! C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [06/15/2007 03:45: VIRUS ALERT! C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43: VIRUS ALERT! C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/28/2007 11:43: VIRUS ALERT!]
"nwiz"="nwiz.exe" [06/28/2007 11:43: VIRUS ALERT! C:\WINDOWS\system32\nwiz.exe]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [04/28/2006 22:36: VIRUS ALERT!]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/28/2007 11:43: VIRUS ALERT!]
"644251ff"="C:\WINDOWS\system32\paukuktr.dll" [08/05/2008 20:31: VIRUS ALERT!]
"BM67716263"="C:\WINDOWS\system32\ktxtjfei.dll" [08/05/2008 20:28: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 19:12: VIRUS ALERT!]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{099AC52C-1CD4-434C-9CC6-FF56DABB5010}"= C:\WINDOWS\system32\ddcApoLD.dll [08/05/2008 20:08: VIRUS ALERT! 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"tfnslopk"= {CF7C0279-4C4D-41B6-85BE-47856A609B64} - C:\WINDOWS\tfnslopk.dll [08/05/2008 17:32: VIRUS ALERT! 200704]
"xokvrpwg"= {5637A68C-70B1-4B42-8A7D-132928D1FA05} - C:\WINDOWS\xokvrpwg.dll [08/05/2008 17:32: VIRUS ALERT! 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcApoLD]
ddcApoLD.dll 08/05/2008 20:08: VIRUS ALERT! 36864 C:\WINDOWS\system32\ddcApoLD.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 08/05/2008 20:57: VIRUS ALERT! 16896 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUKDTLD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx67.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1691fe75-6276-11dd-8497-806d6172696f}]
AutoRun\command- E:\Setup.exe




-- End of Deckard's System Scanner: finished at 2008-08-05 21:02:59 ------------

--------------------------------------------------------------------------------------------------------------------

Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2046.42 MiB / 1565.99 MiB
Pagefile Memory (total/avail): 3939.42 MiB / 3448.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1913.08 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 225.13 GiB free.
D: is Fixed (NTFS) - 149.04 GiB total, 113.46 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - MAXTOR STM3250310AS - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD1600JD-22FYB0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\DCAE\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEANZ
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\DCAE
LOGONSERVER=\\BEANZ
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DCAE\LOCALS~1\Temp
TMP=C:\DOCUME~1\DCAE\LOCALS~1\Temp
USERDOMAIN=BEANZ
USERNAME=DCAE
USERPROFILE=C:\Documents and Settings\DCAE
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

DCAE (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
Linksys Wireless-G PCI Network Adapter with SpeedBooster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
WebVideo Support --> C:\WINDOWS\lnvegaow.exe
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type115 / Error
Event Submitted/Written: 08/05/2008 08:55:36 PM
Event ID/Source: 1008 / MsiInstaller
Event Description:
The installation of C:\Documents and Settings\Administrator\Local Settings\Application Data\{64A3A4F2-B792-11D6-A78A-00B0D0160070}\Java™ SE Development Kit 6 Update 7.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Event Record #/Type89 / Warning
Event Submitted/Written: 08/05/2008 07:39:58 PM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type76 / Warning
Event Submitted/Written: 08/05/2008 06:52:30 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type75 / Warning
Event Submitted/Written: 08/05/2008 06:52:30 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type70 / Warning
Event Submitted/Written: 08/05/2008 06:46:24 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type598 / Error
Event Submitted/Written: 08/05/2008 08:56:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type594 / Error
Event Submitted/Written: 08/05/2008 08:23:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Event Record #/Type593 / Error
Event Submitted/Written: 08/05/2008 08:22:37 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type570 / Error
Event Submitted/Written: 08/05/2008 08:17:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type569 / Error
Event Submitted/Written: 08/05/2008 08:16:59 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip



-- End of Deckard's System Scanner: finished at 2008-08-05 21:02:59 ------------



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA
  • Local time: 11:48 PM

Posted 09 August 2008 - 02:39 PM

Hello nagabeanz,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus! :thumbsup:

This is somewhat suicidal in today's digital world. :)

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download one of the free antivirus products: Avast, AntiVir, or AVG.

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!

Run the antivirus program, then post the log it produces along with a fresh DSS Main.txt log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 nagabeanz

nagabeanz
  • Topic Starter

  • Members
  • 7 posts
  • Local time: 01:48 AM

Posted 09 August 2008 - 03:09 PM

This will be a short post. First off, thank you so much for assisting me. I do not have the time right now to do the test, for I am going out of town for a few days. However, I will do them when I get back, so I apologize about the delay. Just a few questions. When I got the virus I did have an antivirus; however, it was so bad that I wasn't able to use my internet. So I scraped my hard drive and reinstalled Windows. I was in the process of updating Windows when the virus came back. Question: is it possible for a virus to stay in my computer even though I formatted my hard drive? At this point I found out that I could use the internet, using an ethernet cable, in safe mode. One of the tests that was suggested was not run due to the fact that it wouldn't run in safe mode. A few days after I posted, safe mode would just freeze up. So I formatted again and reloaded Windows. So far no virus. The only thing that I have noticed is that I am still unable to find my network controller. In Device Manager there is a yellow question mark on Other Devices and a yellow question mark and yellow exclamation mark next to Network Controller. Could this be part of the virus? If not, could you also assist me in getting my WiFi back up and running? Again, thank you, and I will run the tests and repost when I get back in town.

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA
  • Local time: 11:48 PM

Posted 09 August 2008 - 03:31 PM

nagabeanz,

Just a few questions. When I got the virus I did have an antivirus; however, it was so bad that I wasn't able to use my internet. So I scraped my hard drive and reinstalled Windows. I was in the process of updating Windows when the virus came back. Question: is it possible for a virus to stay in my computer even though I formatted my hard drive?



If you reformatted and reloaded windows then that will kill the virus. :)
However, you can get reinfected very easily if you do not have an antivirus running.
You must have an antivirus running constantly, and in Safe mode it does not run. :thumbsup:

Also, if you use Peer2Peer programs (like LimeWire, uTorrent), then you are more likely to get reinfected.



At this point I found out that I could use the internet, using an ethernet cable, in safe mode. One of the tests that was suggested was not run due to the fact that it wouldn't run in safe mode. A few days after I posted, safe mode would just freeze up. So I formatted again and reloaded Windows. So far no virus. The only thing that I have noticed is that I am still unable to find my network controller. In Device Manager there is a yellow question mark on Other Devices and a yellow question mark and yellow exclamation mark next to Network Controller. Could this be part of the virus? If not, could you also assist me in getting my WiFi back up and running? Again, thank you, and I will run the tests and repost when I get back in town.


I don't think that is part of the virus.
I can't help you with your WiFi, as my expertise is malware removal. I suggest you go to our Networking forum for help with your WiFi problem.

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA
  • Local time: 11:48 PM

Posted 19 August 2008 - 11:48 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.