
Got Hit,seriously Damaged!


17 replies to this topic

#1 Commander Gman

Commander Gman

  • Members
  • 1,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:06 PM

Posted 16 June 2007 - 07:50 PM

(Using my laptop)
Is this the end? http://support.gateway.com/s/issues/2-976684501.shtml
A worm hit me yesterday at 10:00 PM when I was just using my WMP11. All of a sudden WMP11 exited, then I reopened it but found out that all of my playlists had been wiped clean, so I tried restoring them. After a few minutes my PC restarted, then went back to the log-in screen, so I typed my password to log in and continued on.

I was suspecting at that time that this could be caused by malware, or probably even hardware/software failure or system errors, until I tried AVG Anti-Virus Professional for scanning, and an HJT log was produced. After a few minutes the PC restarted again, so my AVG couldn't complete a full system scan. I logged in again and saw this terrifying message on my screen, shown in the link above.
When I clicked on Start I couldn't even see "Shutdown", so it was sort of hopeless, but I was even more dull since at this time I hadn't noticed I was actually hit by a worm which spreads so fast in multiple networks and should have taken off the Internet connection. Luckily my laptop was offline and would act as a backup force for me to disinfect my computer. But the good thing was that I remembered some keywords like "lsass.exe / NT AUTHORITY\SYSTEM", which gave me another chance to disinfect my computer. The chances of deflecting that worm were low since I only had one real-time protection, which was AVG. IE and Firefox also had some errors opening and would only close down.

I'll try putting the HJT log through my laptop via USB,
just to give you an idea of what I was infected with....
I must solve this soon, even if I have to reformat, and if that is the only solution, please let me know.

Thanks in advance
CG

Edited by Commander Gman, 16 June 2007 - 07:52 PM.

Motherboard: MSI P35 Neo-F (Socket 775 LGA) Processor: Intel Core 2 Quad Q6600 @ 2.40 Ghz Kentsfield Chipset: Intel P35 Graphics Card: Nvidia Geforce GT 440 Memory: 2x 2GB DDR2 800 RAM Storage: 1x IDE 80GB, 1x SATA II 500 GB, 1x External 500GB HD Power Supply: 600W Power supply Monitor: Dual screen set-up Casing: Mini-ATX Fan(s): 1x 80mm silent fan OS: Windows XP SP3



#2 Commander Gman

Posted 18 June 2007 - 04:58 AM

OK, I got out of the problem by reformatting, since it took far more serious sudden BSODs and restarts,
which made it almost impossible to complete such a fix.
Here is my HJT log after the reformat; please check if there are any remaining pieces of malware,
especially since I found out that my drive D wasn't reformatted.

Logfile of HijackThis v1.99.1
Scan saved at 5:57:42 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\VGR\Tools\HijackThis.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Also, one question: can I run Windows Updates without svchost.exe running high (100% CPU usage)?

Edited by Commander Gman, 18 June 2007 - 05:00 AM.



#3 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:06 PM

Posted 29 June 2007 - 07:07 AM

1. Download this file: combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Greets Jürgenv

Donation: Click me.

#4 Commander Gman

Posted 29 June 2007 - 08:13 AM

Special update: I have already reformatted my comp since it was too late, but however, since it had shown sudden BSODs and multiple restarts,
I got hit again about several days later, so here is the link: http://www.bleepingcomputer.com/forums/t/97892/need-help-asap/
Please help ASAP.



#5 Commander Gman

Posted 29 June 2007 - 08:21 AM

Well, never mind, let us disregard the new post and continue on with this post.
By the way, the link to downloading ComboFix.exe is broken.
Here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:21:53 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\DeskSlide\DeskSlide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\Grisoft\AVG Anti-Rootkit Free\av.exe
C:\Documents and Settings\user\Desktop\VGR\Tools\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DeskSlide] C:\Program Files\DeskSlide\DeskSlide.exe -logon -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



#6 jurgenv

Posted 29 June 2007 - 08:25 AM

I think there's something wrong with your hardware...
Greets Jürgenv


#7 Commander Gman

Posted 29 June 2007 - 08:27 AM

?? :flowers: :thumbsup: Well, what do you mean?
This was a worm attack.
Well, what seems to be the problem then?
http://support.gateway.com/s/issues/2-976684501.shtml
I got hit similar to this, but not exactly the same,
since it mentions lsass.exe.

Edited by Commander Gman, 29 June 2007 - 08:29 AM.



#8 jurgenv

Posted 29 June 2007 - 08:37 AM

Try this combofix link: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Edited by jurgenv, 29 June 2007 - 08:37 AM.

Greets Jürgenv


#9 Commander Gman

Posted 29 June 2007 - 08:41 AM

ComboFix 07-06-18.2 - C:\Documents and Settings\user\Desktop\ComboFix.exe
"user" - 2007-06-29 21:39:06 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))


2007-06-29 21:38 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 21:23 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-27 19:27 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-06-27 19:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-06-24 19:43 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-24 19:43 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-24 13:36 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\CyberLink
2007-06-24 13:33 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-24 13:33 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-06-24 13:33 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-06-24 13:33 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-06-24 13:33 <DIR> d-------- C:\DOCUME~1\user\WINDOWS
2007-06-24 13:19 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-24 12:56 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Leadertech
2007-06-24 10:06 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Comodo
2007-06-24 10:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-06-24 10:00 <DIR> d-------- C:\Program Files\Comodo
2007-06-23 19:05 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-06-23 19:04 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-23 19:03 <DIR> d-------- C:\Program Files\MSBuild
2007-06-23 18:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-06-23 18:58 <DIR> dr-h----- C:\MSOCache
2007-06-23 18:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-06-23 18:56 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-23 17:50 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-23 17:50 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-23 17:50 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-23 17:50 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-23 17:50 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-23 17:50 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-23 17:50 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-23 17:50 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-23 09:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-23 08:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-23 08:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-22 19:38 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\DeskSlide
2007-06-22 19:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-06-22 19:26 <DIR> d-------- C:\Program Files\CyberLink
2007-06-22 19:23 81,920 --a------ C:\WINDOWS\system32\VM303Sti.dll
2007-06-22 19:23 61,440 --a------ C:\WINDOWS\VM303_STI.exe
2007-06-22 19:23 53,248 --a------ C:\WINDOWS\Sti303.exe
2007-06-22 19:23 390,849 --a------ C:\WINDOWS\system32\drivers\usbVM303.sys
2007-06-22 19:23 32,768 --a------ C:\WINDOWS\VMZoom.exe
2007-06-22 19:23 24,576 --a------ C:\WINDOWS\VMPipe.dll
2007-06-22 19:23 172,032 --a------ C:\WINDOWS\amcap.exe
2007-06-22 19:23 102,400 --a------ C:\WINDOWS\VM303Cap.exe
2007-06-22 19:23 <DIR> d-------- C:\WINDOWS\EffectResources
2007-06-22 19:23 <DIR> d-------- C:\WINDOWS\CatRoot
2007-06-22 19:23 <DIR> d-------- C:\Program Files\Vimicro
2007-06-20 20:51 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\XnView
2007-06-20 20:49 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Apple Computer
2007-06-20 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-06-20 20:16 <DIR> d-------- C:\Program Files\XnView
2007-06-20 20:14 <DIR> d-------- C:\Program Files\ExtractNow
2007-06-20 18:56 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\SoundSpectrum
2007-06-19 20:31 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-19 20:31 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Corel
2007-06-19 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-19 20:26 <DIR> d-------- C:\Program Files\Corel
2007-06-19 20:26 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-06-19 20:20 <DIR> d-------- C:\Program Files\QuickTime
2007-06-19 20:20 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-19 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-18 20:18 <DIR> d-------- C:\Program Files\eMule
2007-06-18 20:14 <DIR> d-------- C:\Program Files\DeskSlide
2007-06-18 20:11 <DIR> d-------- C:\Program Files\SoundSpectrum
2007-06-18 20:11 <DIR> d-------- C:\Program Files\CCleaner
2007-06-18 20:07 <DIR> d-------- C:\Program Files\Recuva
2007-06-18 20:07 <DIR> d-------- C:\Program Files\illiminable
2007-06-18 20:04 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-06-18 20:04 <DIR> d-------- C:\Program Files\VstPlugins
2007-06-18 20:03 <DIR> d-------- C:\Program Files\Image-Line
2007-06-18 19:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-18 19:26 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-18 19:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-18 19:03 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-18 19:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-18 19:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-18 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-18 18:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-18 18:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-18 18:21 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\SUPERAntiSpyware.com
2007-06-18 18:13 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\SiteAdvisor
2007-06-18 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-18 18:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-18 18:07 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-18 18:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-18 18:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-18 18:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-18 18:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-18 17:55 <DIR> d---s---- C:\DOCUME~1\user\UserData
2007-06-18 17:55 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-18 17:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-18 17:51 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Talkback
2007-06-18 16:54 <DIR> d--hs---- C:\RECYCLER
2007-06-17 20:05 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-06-17 20:04 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-06-17 20:04 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-17 20:04 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-17 20:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-11-01 04:33]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-19 18:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-24 10:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16]
"DeskSlide"="C:\Program Files\DeskSlide\DeskSlide.exe" [2006-08-30 23:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 20:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351f14f0-1d79-11dc-8337-001a92e393bf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

Contents of the 'Scheduled Tasks' folder
2007-06-19 12:20:15 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 21:40:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 21:41:03

--- E O F ---

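The "Reg Loading Points" section of the ComboFix log above records a MountPoints2 entry (the per-volume cache Explorer keeps of autorun.inf handlers, keyed by volume GUID) whose AutoRun\command goes through rundll32 to start wscript.exe on FS6519.dll.vbs. A script file with a double extension, launched by a script host from a volume's AutoRun command, is the pattern of script malware carried on a removable drive and started by autorun. As an added example, not code from this thread or from ComboFix/HijackThis, the Python below parses ComboFix Run and MountPoints2 lines plus HijackThis O4 lines and flags any autostart command that hands execution to a script host, runs a script file, or names a double-extension file. The sample log is constructed from excerpts of the logs posted in this thread; the lists SCRIPT_HOSTS and SCRIPT_EXTS and the rule set are the example's own choices.

```python
"""Flag autostart entries that hand execution to a script host.

Added example for this thread; not code from the original posts, ComboFix
or HijackThis. It parses ComboFix "Reg Loading Points" lines (Run keys and
MountPoints2 AutoRun commands) and HijackThis O4 lines, then reports entries
whose command launches a script host, runs a script file, or names a file
with a double extension such as "x.dll.vbs".
"""
import re
from dataclasses import dataclass, field

# Example's own lists: hosts that run interpreted scripts, and script extensions.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".pif", ".scr"}

# Constructed sample: the MountPoints2 lines are copied from the ComboFix log
# posted in this thread; the Run and O4 lines are excerpts of the posted logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-24 10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{351f14f0-1d79-11dc-8337-001a92e393bf}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

MP_HEADER = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MP_COMMAND = re.compile(r"^AutoRun\\command-\s*(.+)$", re.I)
RUN_HEADER = re.compile(
    r"^\[(HKEY_\w+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(Run\w*)\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]*)"="([^"]*)"')
HJT_O4 = re.compile(r"^O4 - (\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")


@dataclass
class Finding:
    source: str             # which loading point the entry came from
    name: str               # value name, or the volume GUID for MountPoints2
    command: str
    reasons: list = field(default_factory=list)


def autostart_entries(log: str):
    """Yield (source, name, command) for each autostart entry in the log text."""
    section = None          # (source label, name) while inside a registry block
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_O4.match(line)
        if m:
            yield f"O4 {m.group(1)} {m.group(2)}", m.group(3), m.group(4)
            continue
        m = MP_HEADER.match(line)
        if m:
            section = ("MountPoints2 AutoRun", m.group(1))
            continue
        m = RUN_HEADER.match(line)
        if m:
            section = (f"{m.group(1)} {m.group(2)}", None)
            continue
        if line.startswith("["):
            section = None  # some other registry block this example ignores
            continue
        if section is None:
            continue
        if section[0] == "MountPoints2 AutoRun":
            m = MP_COMMAND.match(line)
            if m:
                yield section[0], section[1], m.group(1)
        else:
            m = RUN_VALUE.match(line)
            if m:
                yield section[0], m.group(1), m.group(2)


def suspicious_reasons(command: str) -> list:
    """Return why a command line looks like script-based autorun malware, or []."""
    reasons = []
    for tok in re.findall(r'"[^"]*"|\S+', command):
        base = tok.strip('"').lower().rsplit("\\", 1)[-1]   # file name only
        parts = base.split(".")
        if base in SCRIPT_HOSTS:
            reasons.append(f"launches script host {base}")
        if len(parts) >= 2 and "." + parts[-1] in SCRIPT_EXTS:
            reasons.append(f"runs script file {base}")
            if len(parts) >= 3:
                reasons.append(f"double extension {base}")
    return reasons


def scan(log: str) -> list:
    """Return a Finding for every autostart entry with at least one reason."""
    findings = []
    for source, name, command in autostart_entries(log):
        reasons = suspicious_reasons(command)
        if reasons:
            findings.append(Finding(source, name, command, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.source} [{f.name}]: {f.command}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run against the sample it reports exactly one entry, the MountPoints2 command. The name it prints is the volume GUID that MountPoints2 keys on, so it identifies which volume's autorun.inf was cached; in a situation like this thread, where tools are moved by USB stick and one partition survived the reformat, that volume is the one to inspect for a hidden autorun.inf and the script next to it before trusting the rebuild.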


#10 jurgenv

Posted 29 June 2007 - 09:08 AM

Is it possible to post a screenshot of the error?
Greets Jürgenv


#11 Commander Gman

Posted 29 June 2007 - 12:10 PM

Negative.
Although the link I provided looks similar to the screenshot.
By the way, I accidentally placed a checkmark on the "Kernel Fault Check" box entry
then clicked fix.
But I was able to make a backup of it.
http://forums.pcpitstop.com/index.php?showtopic=118910

Edited by Commander Gman, 29 June 2007 - 12:13 PM.



#12 jurgenv

Posted 29 June 2007 - 12:17 PM

Download the next tool to a place where you'll find it easily:

http://djlizard.net/Dial-a-fix-2006-09-19.exe

Double-click Dial-a-fix-2006-09-19.exe to start the program. Check everything in the main window and click on 'Go'.
Let the tool do its job, reboot your system, and tell me how everything is working.

Edited by jurgenv, 29 June 2007 - 12:17 PM.

Greets Jürgenv


#13 Commander Gman

Posted 29 June 2007 - 08:15 PM

Urghh!!! It hit again.
I'll have to use my laptop to fix this then, since it disabled my Internet connection. It also changed my default home page to the MSN start home page,
and changed my default browser to something else, I think IE.
SUPERAntiSpyware went a bit corrupt when I opened it and was protecting the MSN start page, and my AVG Anti-Spyware detected over 70 cookies.
But I have a USB stick that would transfer the tools.
So anything that will involve a direct fix to my computer will not work, even involving the Internet connection.
I think the Kernel Fault Check stopped me from getting several BSODs and could give me an opportunity to fix my comp, since the chances of fixing it with multiple BSODs are low :thumbsup:
I'll proceed to the tool shortly after.

Edited by Commander Gman, 29 June 2007 - 08:26 PM.



#14 Commander Gman

Posted 29 June 2007 - 08:36 PM

OK, I think my Internet connection has gone back online ever since I ran the tool.
But I'm just not quite sure whether the Internet connection being disabled could be caused by malware or by my Internet, which keeps fooling me around.
So far everything goes smoothly, for now....
So are there any other tools to run?



#15 jurgenv

Posted 30 June 2007 - 09:17 AM

So are there any other tools to run?

It depends... I hope your problem is solved now...
Greets Jürgenv




