
Bsod - *** Stop: 0x0000008e



#1 Pena

Pena

  • Members
  • 2 posts

Posted 25 February 2007 - 12:43 PM

Getting blue screen once computer is done booting up. Unable to run in normal mode... Ran scan disk and it says my volume is dirty. Here is my HijackThis report... Please help...


Logfile of HijackThis v1.99.1
Scan saved at 10:37:26 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\tmpFE.tmp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ca67b747-619a-4536-baf1-8e140d6e51d0} - C:\WINDOWS\system32\d3dAGE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\nnmnkh.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://real.gamehouse.com/games/cinematyco...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: d3dAGE - C:\WINDOWS\SYSTEM32\d3dAGE.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE


 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 25 February 2007 - 10:51 PM

Please download VirtumundoBeGone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Save it to the Desktop
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the Desktop
* Follow the directions as indicated

This program may generate a "BLUE SCREEN OF DEATH". Do not be concerned.
Just reboot if your system "jams".

The VirtumundoBeGone log VBG.txt is found on the Desktop.

~~~~
Please provide the VirtumundoBeGone log VBG.txt, and a new HijackThis log.

Old duck...


#3 Pena

Pena
  • Topic Starter

  • Members
  • 2 posts

Posted 02 March 2007 - 11:22 PM

[03/02/2007, 21:15:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jorge Peņa\Desktop\VirtumundoBeGone.exe" )
[03/02/2007, 21:15:51] - Detected System Information:
[03/02/2007, 21:15:51] - Windows Version: 5.1.2600, Service Pack 2
[03/02/2007, 21:15:51] - Current Username: Jorge Peņa (Admin)
[03/02/2007, 21:15:51] - Windows is in NORMAL mode.
[03/02/2007, 21:15:51] - Searching for Browser Helper Objects:
[03/02/2007, 21:15:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/02/2007, 21:15:51] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/02/2007, 21:15:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 21:15:51] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/02/2007, 21:15:51] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/02/2007, 21:15:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/02/2007, 21:15:51] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/02/2007, 21:15:51] - BHO 5: {ca67b747-619a-4536-baf1-8e140d6e51d0} ()
[03/02/2007, 21:15:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 21:15:51] - Checking for HKLM\...\Winlogon\Notify\d3dAGE
[03/02/2007, 21:15:51] - Found: HKLM\...\Winlogon\Notify\d3dAGE - This is probably Virtumundo.
[03/02/2007, 21:15:51] - Assigning {ca67b747-619a-4536-baf1-8e140d6e51d0} MSEvents Object
[03/02/2007, 21:15:51] - BHO list has been changed! Starting over...
[03/02/2007, 21:15:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/02/2007, 21:15:51] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/02/2007, 21:15:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 21:15:51] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/02/2007, 21:15:51] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/02/2007, 21:15:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/02/2007, 21:15:51] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/02/2007, 21:15:51] - BHO 5: {ca67b747-619a-4536-baf1-8e140d6e51d0} (MSEvents Object)
[03/02/2007, 21:15:51] - ALERT: Found MSEvents Object!
[03/02/2007, 21:15:51] - BHO 6: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
[03/02/2007, 21:15:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 21:15:51] - Checking for HKLM\...\Winlogon\Notify\tmp4.tmp
[03/02/2007, 21:15:51] - Key not found: HKLM\...\Winlogon\Notify\tmp4.tmp, continuing.
[03/02/2007, 21:15:51] - Finished Searching Browser Helper Objects
[03/02/2007, 21:15:51] - *** Detected MSEvents Object
[03/02/2007, 21:15:51] - Trying to remove MSEvents Object...
[03/02/2007, 21:15:52] - Terminating Process: IEXPLORE.EXE
[03/02/2007, 21:15:53] - Terminating Process: RUNDLL32.EXE
[03/02/2007, 21:15:53] - Disabling Automatic Shell Restart
[03/02/2007, 21:15:53] - Terminating Process: EXPLORER.EXE
[03/02/2007, 21:15:53] - Suspending the NT Session Manager System Service
[03/02/2007, 21:15:53] - Terminating Windows NT Logon/Logoff Manager
[03/02/2007, 21:15:54] - Re-enabling Automatic Shell Restart
[03/02/2007, 21:15:54] - File to disable: C:\WINDOWS\system32\d3dAGE.dll
[03/02/2007, 21:15:54] - Renaming C:\WINDOWS\system32\d3dAGE.dll -> C:\WINDOWS\system32\d3dAGE.dll.vir
[03/02/2007, 21:15:54] - File successfully renamed!
[03/02/2007, 21:15:54] - Removing HKLM\...\Browser Helper Objects\{ca67b747-619a-4536-baf1-8e140d6e51d0}
[03/02/2007, 21:15:54] - Removing HKCR\CLSID\{ca67b747-619a-4536-baf1-8e140d6e51d0}
[03/02/2007, 21:15:54] - Adding Kill Bit for ActiveX for GUID: {ca67b747-619a-4536-baf1-8e140d6e51d0}
[03/02/2007, 21:15:54] - Deleting ATLEvents/MSEvents Registry entries
[03/02/2007, 21:15:54] - Removing HKLM\...\Winlogon\Notify\d3dAGE
[03/02/2007, 21:15:54] - Searching for Browser Helper Objects:
[03/02/2007, 21:15:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/02/2007, 21:15:54] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/02/2007, 21:15:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 21:15:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/02/2007, 21:15:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/02/2007, 21:15:54] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/02/2007, 21:15:54] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/02/2007, 21:15:54] - BHO 5: {D38439EC-4A7F-42b4-90C2-D810D7778FDD} ()
[03/02/2007, 21:15:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/02/2007, 21:15:54] - Checking for HKLM\...\Winlogon\Notify\tmp4.tmp
[03/02/2007, 21:15:54] - Key not found: HKLM\...\Winlogon\Notify\tmp4.tmp, continuing.
[03/02/2007, 21:15:54] - Finished Searching Browser Helper Objects
[03/02/2007, 21:15:54] - Finishing up...
[03/02/2007, 21:15:54] - A restart is needed.
[03/02/2007, 21:15:54] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[03/02/2007, 21:16:02] - Attempting to Restart via STOP error (Blue Screen!)


Logfile of HijackThis v1.99.1
Scan saved at 9:18:01 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\tmp4.tmp.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\awwxya.dll",setvm
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://real.gamehouse.com/games/cinematyco...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE


thanks...
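
Added example (not part of the original posts, and not VirtumundoBeGone's own code): the check that the VBG.txt log above narrates for each unnamed BHO, applied to lines copied from the first HijackThis log in this thread. It assumes, from the log's "Checking for HKLM\...\Winlogon\Notify\<name>" lines, that the Notify key name is the BHO's DLL file name without the .dll extension; the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\tmpFE.tmp.dll
O2 - BHO: (no name) - {ca67b747-619a-4536-baf1-8e140d6e51d0} - C:\WINDOWS\system32\d3dAGE.dll
O20 - Winlogon Notify: d3dAGE - C:\WINDOWS\SYSTEM32\d3dAGE.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# HijackThis section O2 = Browser Helper Objects, O20 = Winlogon Notify keys.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def parse_log(text):
    """Return (list of BHO dicts, {lower-cased Notify key: DLL path})."""
    bhos, notify = [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := NOTIFY_RE.match(line):
            notify[m["key"].lower()] = m["path"]
    return bhos, notify


def notify_key_for(dll_path):
    """Assumed mapping: DLL file name minus '.dll' (tmp4.tmp.dll -> tmp4.tmp)."""
    name = PureWindowsPath(dll_path).name
    return name[:-4] if name.lower().endswith(".dll") else name


def triage(text):
    """For every unnamed BHO, report whether a same-named Notify key exists."""
    bhos, notify = parse_log(text)
    findings = []
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue  # named BHOs are skipped, as in the VBG.txt log
        key = notify_key_for(bho["path"])
        findings.append({
            "clsid": bho["clsid"],
            "dll": bho["path"],
            "notify_key": key,
            "paired": key.lower() in notify,  # BHO + Notify pair = suspect
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        verdict = "SUSPECT (BHO + Winlogon Notify)" if f["paired"] else "no Notify key"
        print(f'{f["clsid"]}  {f["notify_key"]:<10}  {verdict}')
```

Only the d3dAGE entry is paired. The unnamed SDHelper.dll and tmpFE.tmp.dll BHOs have no matching Notify key, so this check alone does not flag them.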

#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 03 March 2007 - 12:07 PM

Please launch Notepad, (Start > Run, type in: notepad)
Copy/paste all the blue REGEDIT below to it

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D38439EC-4A7F-42b4-90C2-D810D7778FDD}]


In Notepad, go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: delete.reg
Save as Type: All files
Click: Save
Exit out of Notepad.

Back on the Desktop, double-click on the delete.reg file just saved and click on Yes when asked to merge the information into the Registry.

~~~~
Next, please download SilentRunners:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the Desktop and double-click on SilentRunners.vbs

SilentRunners searches a few Registry keys that HijackThis does not.

If an alert about scripting appears from your anti-virus, choose to allow the script to run.
When the scan is done, Notepad opens with a log which is saved in the SilentRunners folder.

Provide the content of the SilentRunners log in your reply, as well as a new HijackThis log.

Old duck...




