Restart on login BSOD 0x8E


16 replies to this topic

#1 adamdama (Authentic Member, 25 posts)

Posted 06 March 2007 - 08:39 AM

My post from here.
I have been asked to move this post here with my HJT logfile, so here it is.
Thanks for the help guys, much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 14:32:50, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WireLessMouse] D:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] D:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] D:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RAMBooster.Net] D:\Program Files\RAMBooster.Net\RAMBooster.exe -m
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "d:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [syswin] D:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170297870533
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170297834830
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - D:\WINDOWS\system32\vblhanf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - d:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KYFR - Sysinternals - www.sysinternals.com - D:\DOCUME~1\Owner\LOCALS~1\Temp\KYFR.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

Edited by adamdama, 06 March 2007 - 08:44 AM.



#2 adamdama (Authentic Member, 25 posts)

Posted 06 March 2007 - 08:56 AM

I looked at Device Manager and found one yellow warning for an unknown device. Any way to find out what it is? I looked at the details and this is the Device instance id: ACPI\ABT2005\3&61AAA01&0. I guess this is something to do with the motherboard as it's made by ABiT; however, I don't know. I tried reinstalling the drivers using my ABiT driver disk to no avail. Got any idea what it is? Also, totally unrelated, I noticed that I don't have any USB 2.0 drivers. Any ideas where I can get any? Thanks

#3 adamdama (Authentic Member, 25 posts)

Posted 06 March 2007 - 10:14 AM

Also ran chkdsk /f /r, which found and repaired one bad cluster. sfc /scannow found no problems as far as I am aware.

#4 shelf life (SuperMember, Visiting Fellow, 3,191 posts)

Posted 07 March 2007 - 05:40 PM

hi adamdama,

We will do everything in Safe Mode, so I would copy/paste this into Notepad and save it somewhere so you can read it while in Safe Mode.

To reach Safe Mode you would tap the F8 key during a computer restart. Choose the first option from the list: Safe Mode.
--------------------------------
Once in Safe Mode do this:

1. Click Start > Run > type: sc stop KYFR.exe > then OK
2. Click Start > Run > type: sc delete KYFR.exe > then OK

Scan with HJT, put a checkmark beside the items below, close all windows and click Fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [syswin] D:\WINDOWS\system32\v6.exe
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - D:\WINDOWS\system32\vblhanf.dll (file missing)

Also do this in Safe Mode:
Go to Start > Run and type: cleanmgr. Windows will scan. When done, check these 3 and press *OK* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Also please run AVG Anti-Spyware in Safe Mode
--------------------------------------------------------
Reboot normally. Two downloads to get and run: first SDFix, then SmitfraudFix.

SDFix.exe:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
--------------------------------------------------------------
smitfraud:

Download SmitfraudFix.exe from here and save it to your desktop.

http://www.bleepingc...mitfraudfix.php

Double click the icon on your desktop, and choose the 1st option, Search.
Please save the log it generates and post it back here along with the SDFix log and a new HJT log please.

shelf life
How Can I Reduce My Risk?
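The entries shelf life picked out of the log above, together with the KYFR service, share recognisable patterns: a load point whose file is gone from disk, an unnamed BHO, a service binary living in a Temp folder, and a Run key starting an unfamiliar executable straight out of system32. The Python script below is an added example, not part of this thread nor of HijackThis, SDFix or SmitfraudFix; it encodes those patterns as triage rules and runs them over a constructed sample of lines copied from the posted log. The allow-list KNOWN_SYSTEM32_AUTORUNS is an assumption for this particular machine.

```python
import re

# Constructed sample input: nine lines copied from the HijackThis log posted in this
# thread, mixing the entries the helper asked to fix with legitimate neighbours.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [syswin] D:\WINDOWS\system32\v6.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - D:\WINDOWS\system32\vblhanf.dll (file missing)
O23 - Service: KYFR - Sysinternals - www.sysinternals.com - D:\DOCUME~1\Owner\LOCALS~1\Temp\KYFR.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
"""

# Every HJT entry starts with a section code (R0..R3, F0..F3, N1..N4, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Markers HJT prints when the registry still names a file that is no longer on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")
# A "\Temp\" path component, e.g. ...\LOCALS~1\Temp\KYFR.exe or D:\WINDOWS\Temp\...
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# A Run target that is a bare executable directly under system32 (no vendor sub-folder).
SYSTEM32_EXE_RE = re.compile(r"\\system32\\([^\\\s]+\.exe)\b", re.IGNORECASE)
# Constructed allow-list (assumption): Windows binaries that legitimately start from
# system32 via a Run key on this XP box. Extend it for your own baseline.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


def triage_entry(line):
    """Return the reasons one HJT line deserves a closer look (empty list if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons = []

    # Rule 1: BHO, Winlogon Notify or ShellServiceObjectDelayLoad hooks whose target is
    # missing. A clean uninstall removes its registry entry; a partially removed (or
    # hidden) component leaves the hook behind, so these are worth reviewing.
    if section in ("O2", "O20", "O21") and any(mk in body for mk in MISSING_MARKERS):
        reasons.append("load point references a file that is not on disk")
    # Rule 2: a browser helper object that carries no name string at all.
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed browser helper object")
    # Rule 3: a service whose binary lives in a Temp folder. The vendor field of an O23
    # line ("Sysinternals" in the sample) is read from the file's own version resource,
    # so whoever wrote the file chose it; the path is the fact to trust.
    if section == "O23" and TEMP_DIR_RE.search(body):
        reasons.append("service binary runs from a Temp directory")
    # Rule 4: a Run key launching a bare executable out of system32 that is not on the
    # allow-list (v6.exe versus ctfmon.exe in the sample).
    if section == "O4":
        sm = SYSTEM32_EXE_RE.search(body)
        if sm and sm.group(1).lower() not in KNOWN_SYSTEM32_AUTORUNS:
            reasons.append("Run key launches an unknown executable from system32")
    return reasons


def triage_log(text):
    """Return (line, reasons) pairs for every flagged entry, preserving log order."""
    findings = []
    for line in text.splitlines():
        reasons = triage_entry(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample it flags exactly the five lines the helper and the O23 entry point at, and leaves the Java, ctfmon, WgaLogon and iPod entries alone.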

#5 adamdama (Authentic Member, 25 posts)

Posted 07 March 2007 - 08:34 PM

I tried using SDFix, but as I cannot log into Windows in normal mode it did not do the follow-up repair when I logged into Safe Mode. However, I did use SmitfraudFix with the following result:

SmitFraudFix v2.148

Scan done at 2:30:21.35, 08/03/2007
Run from D:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Owner\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

and my new HJT log:

#6 adamdama (Authentic Member, 25 posts)

Posted 07 March 2007 - 08:35 PM

Logfile of HijackThis v1.99.1
Scan saved at 02:31:51, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WireLessMouse] D:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] D:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDFix] D:\SDFix\RunThis.bat /second
O4 - HKLM\..\RunOnce: [SDFix] D:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170297870533
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170297834830
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - d:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KYFR - Sysinternals - www.sysinternals.com - D:\DOCUME~1\Owner\LOCALS~1\Temp\KYFR.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

#7 adamdama (Authentic Member, 25 posts)

Posted 07 March 2007 - 08:39 PM

I worked out how to run the second scan of SDFix by typing D:\SDFix\RunThis.bat /second into the Run box. This was the result:

SDFix: Version 1.69

Run by Owner - 08/03/2007 @ 2:19:30.43

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

D:\WINDOWS\Temp\win17E.tmp.exe - Deleted
D:\WINDOWS\Temp\win180.tmp.exe - Deleted
D:\WINDOWS\Temp\win18C.tmp.exe - Deleted
D:\WINDOWS\Temp\win190.tmp.exe - Deleted
D:\WINDOWS\Temp\win194.tmp.exe - Deleted
D:\WINDOWS\Temp\win198.tmp.exe - Deleted
D:\WINDOWS\Temp\win1A3.tmp.exe - Deleted
D:\WINDOWS\Temp\win1A5.tmp.exe - Deleted
D:\WINDOWS\Temp\win1B1.tmp.exe - Deleted
D:\WINDOWS\Temp\win1B5.tmp.exe - Deleted
D:\WINDOWS\Temp\win1B9.tmp.exe - Deleted
D:\WINDOWS\Temp\win1BD.tmp.exe - Deleted
D:\WINDOWS\Temp\win23D.tmp.exe - Deleted
D:\WINDOWS\Temp\win23F.tmp.exe - Deleted
D:\WINDOWS\Temp\win249.tmp.exe - Deleted
D:\WINDOWS\Temp\win24C.tmp.exe - Deleted
D:\WINDOWS\Temp\win250.tmp.exe - Deleted
D:\WINDOWS\Temp\win255.tmp.exe - Deleted
D:\WINDOWS\Temp\win259.tmp.exe - Deleted
D:\WINDOWS\Temp\win45C.tmp.exe - Deleted
D:\WINDOWS\Temp\win45E.tmp.exe - Deleted
D:\WINDOWS\Temp\win46A.tmp.exe - Deleted
D:\WINDOWS\Temp\win46E.tmp.exe - Deleted
D:\WINDOWS\Temp\win472.tmp.exe - Deleted
D:\WINDOWS\Temp\win476.tmp.exe - Deleted
D:\WINDOWS\Temp\win479.tmp.exe - Deleted
D:\WINDOWS\Temp\win523.tmp.exe - Deleted
D:\WINDOWS\Temp\win526.tmp.exe - Deleted
D:\WINDOWS\Temp\win52D.tmp.exe - Deleted
D:\WINDOWS\Temp\win531.tmp.exe - Deleted
D:\WINDOWS\Temp\win533.tmp.exe - Deleted
D:\WINDOWS\Temp\win540.tmp.exe - Deleted
D:\WINDOWS\Temp\win645.tmp.exe - Deleted
D:\WINDOWS\Temp\win649.tmp.exe - Deleted
D:\WINDOWS\Temp\win64D.tmp.exe - Deleted
D:\WINDOWS\Temp\win651.tmp.exe - Deleted
D:\WINDOWS\Temp\win655.tmp.exe - Deleted
D:\WINDOWS\Temp\win17E.tmp.exe - Deleted
D:\WINDOWS\Temp\win180.tmp.exe - Deleted
D:\WINDOWS\Temp\win18C.tmp.exe - Deleted
D:\WINDOWS\Temp\win190.tmp.exe - Deleted
D:\WINDOWS\Temp\win194.tmp.exe - Deleted
D:\WINDOWS\Temp\win198.tmp.exe - Deleted
D:\WINDOWS\Temp\win1A3.tmp.exe - Deleted
D:\WINDOWS\Temp\win1A5.tmp.exe - Deleted
D:\WINDOWS\Temp\win1B1.tmp.exe - Deleted
D:\WINDOWS\Temp\win1B5.tmp.exe - Deleted
D:\WINDOWS\Temp\win1B9.tmp.exe - Deleted
D:\WINDOWS\Temp\win1BD.tmp.exe - Deleted
D:\WINDOWS\Temp\win23D.tmp.exe - Deleted
D:\WINDOWS\Temp\win23F.tmp.exe - Deleted
D:\WINDOWS\Temp\win249.tmp.exe - Deleted
D:\WINDOWS\Temp\win24C.tmp.exe - Deleted
D:\WINDOWS\Temp\win250.tmp.exe - Deleted
D:\WINDOWS\Temp\win255.tmp.exe - Deleted
D:\WINDOWS\Temp\win259.tmp.exe - Deleted
D:\WINDOWS\Temp\win45C.tmp.exe - Deleted
D:\WINDOWS\Temp\win45E.tmp.exe - Deleted
D:\WINDOWS\Temp\win46A.tmp.exe - Deleted
D:\WINDOWS\Temp\win46E.tmp.exe - Deleted
D:\WINDOWS\Temp\win472.tmp.exe - Deleted
D:\WINDOWS\Temp\win476.tmp.exe - Deleted
D:\WINDOWS\Temp\win479.tmp.exe - Deleted
D:\WINDOWS\Temp\win523.tmp.exe - Deleted
D:\WINDOWS\Temp\win526.tmp.exe - Deleted
D:\WINDOWS\Temp\win52D.tmp.exe - Deleted
D:\WINDOWS\Temp\win531.tmp.exe - Deleted
D:\WINDOWS\Temp\win533.tmp.exe - Deleted
D:\WINDOWS\Temp\win540.tmp.exe - Deleted
D:\WINDOWS\Temp\win645.tmp.exe - Deleted
D:\WINDOWS\Temp\win649.tmp.exe - Deleted
D:\WINDOWS\Temp\win64D.tmp.exe - Deleted
D:\WINDOWS\Temp\win651.tmp.exe - Deleted
D:\WINDOWS\Temp\win655.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win343.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win345.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win350.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win354.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win358.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win35D.tmp.exe - Deleted
D:\DOCUME~1\Owner\LOCALS~1\Temp\win360.tmp.exe - Deleted
D:\WINDOWS\Temp\win*.tmp - Deleted



ADS Check:

D:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msncall.exe"="D:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="D:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msncall.exe"="D:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - D:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

D:\Documents and Settings\Owner\My Documents\My Stuff\Anime\Final Fantasy VII Advent Children [DVDRIP] [Sub Eng + Spa by Whistler] [www.pctorrent.com]\Thumbs.db
D:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
D:\Documents and Settings\Owner\My Documents\My Stuff\UNI\Databases\~WRL0214.tmp
D:\Documents and Settings\Owner\My Documents\My Stuff\UNI\Databases\~WRL3272.tmp
D:\WINDOWS\LastGood.Tmp\INF\oem10.inf
D:\WINDOWS\LastGood.Tmp\INF\oem10.PNF

Add/Remove Programs List:

Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe SVG Viewer 3.0
ATI - Software Uninstall Utility
ATI Display Driver
AVG Anti-Spyware 7.5
BitComet 0.70
BlueJ 2.1.3
DivX Content Uploader
HijackThis 1.99.1
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
High Definition Audio Driver Package - KB888111
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.2)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
Direct Show Ogg Vorbis Filter (remove only)
Pack Vista Inspirat 1.1
PowerISO
Settlers3
Shockwave
Adobe Flash Player 9 ActiveX
SoulSeek Client 156c
VideoLAN VLC media player 0.8.5
Windows Imaging Component
WinRAR archiver
Microsoft User-Mode Driver Framework Feature Pack 1.5
XP Codec Pack
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall
Adobe Creative Suite 2
Macromedia Dreamweaver 8
Nokia Connectivity Cable Driver
Microsoft .NET Framework 3.0
AutoUpdate
Windows Live Sign-in Assistant
Adobe Photoshop CS2
Macromedia Flash 8
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Development Kit 5.0 Update 9
iTunes
Adobe GoLive CS2
Windows Communication Foundation
Adobe® Photoshop® Album Starter Edition 3.0
Macromedia Fireworks 8
QuickTime
Macromedia Extension Manager
Windows Live Messenger
Microsoft .NET Framework 2.0
DivX Codec
Windows Workflow Foundation
Adobe InDesign CS2
Macromedia Flash Player 8
Shogun - Total War - Gold Edition
DivX Player
Macromedia Flash 8 Video Encoder
ALi USB2.0 Driver
Adobe Common File Installer
THE SETTLERS - Heritage of Kings
Macromedia Flash Player 8 Plugin
REALTEK Gigabit and Fast Ethernet NIC Driver
Windows Defender
Apple Software Update
PC Connectivity Solution
Adobe Acrobat 7.0 Professional
Adobe Reader 8
Adobe Version Cue CS2
DivX Converter
Adobe Illustrator CS2
SyncToy
DivX Web Player
Adobe Bridge 1.0
ATI Catalyst Control Center
Company of Heroes
Windows Presentation Foundation
Athlon 64 Processor Driver
Suite Specific
Microsoft .NET Framework 1.1
SUPERAntiSpyware Free Edition
Nokia PC Suite
Adobe Help Center 1.0
Multimedia Combo Set Driver
Adobe Stock Photos 1.0
Panda Platinum 2006 Internet Security
Realtek High Definition Audio Driver
User Profile Hive Cleanup Service

Finished

#8 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 07 March 2007 - 08:59 PM

hi adamdama,

ok good, thanks for the info. please do this in safe mode:

go to start>run and type in--> services.msc <--in the list of services that comes up, under the name column look for>>KYFR. right click on it and select properties. under the general tab: make sure that the service status is: Stopped and the Startup type is: disabled
----------------------------------
to show all files: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files" also UNcheck "hide extensions for known file types". click apply to all folders, apply then ok.

see if you can locate and delete this file:

KYFR.exe located here: D:\DOCUME~1\Owner\LOCALS~1\Temp (D:\documents and settings\owner\local settings\temp)
--------------------------------
please run the clean (option 2) of the smitfraud fix. post new hjt log.

shelf life
How Can I Reduce My Risk?

#9 adamdama

adamdama

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 07 March 2007 - 09:48 PM

new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 03:46:22, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\explorer.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WireLessMouse] D:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] D:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "d:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://d:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170297870533
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1170297834830
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zon...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - d:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
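The HijackThis entries above are what shelf life reads by hand. As an added example (not the thread's own code and not a HijackThis feature), here is a small Python triage that parses the O2/O4/O20/O23 lines and flags the two things being checked for in this thread: programs that launch from a Temp folder, like the KYFR.exe shelf life asked about, and entries whose target file is missing. The KYFR service line in the sample log is constructed; the other sample lines are copied from the log above.

```python
"""Triage HijackThis 1.99 log entries for programs run from a Temp folder.

Added example for this thread, not HijackThis's own code. Entry formats
follow the logs posted above; the KYFR service line in SAMPLE_LOG is
constructed to mirror the location shelf life asked about.
"""
import re

# Entry types whose payload is a file path we can examine. Each pattern
# captures the entry's display name and the raw command/path text.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$"),
    "O4": re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<cmd>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$"),
}

# Lower-cased substrings that mark a user or system Temp directory, including
# the 8.3 short form (LOCALS~1) that HijackThis prints for some entries.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\locals~1\\temp\\", "\\windows\\temp\\")

# First executable-looking extension in an unquoted command string.
EXT_RE = re.compile(r"(.+?\.(?:exe|dll|scr|com|cpl))\b", re.IGNORECASE)


def extract_path(cmd):
    """Return the program path from a Run, BHO, Notify or Service command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # HijackThis prints unquoted paths that contain spaces, so cut at the
    # first executable extension rather than at the first space.
    m = EXT_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""        # no extension: first token


def triage(log_text):
    """Return (entry type, name, path, reason) tuples worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line)
            if not m:
                continue
            path = extract_path(m.group("cmd"))
            lowered = path.lower()
            if any(marker in lowered for marker in TEMP_MARKERS):
                findings.append((kind, m.group("name"), path, "runs from a Temp directory"))
            elif "(file missing)" in line.lower():
                findings.append((kind, m.group("name"), path, "target file missing (stale entry)"))
            break
    return findings


# Constructed sample: real lines from the log above plus one constructed
# KYFR service entry pointing at the Temp folder named in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WireLessMouse] D:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Adobe Version Cue CS2 - Unknown owner - d:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: KYFR - Unknown owner - D:\DOCUME~1\Owner\LOCALS~1\Temp\KYFR.exe
"""

if __name__ == "__main__":
    for kind, name, path, reason in triage(SAMPLE_LOG):
        print(f"{kind:<4} {name:<24} {reason}: {path}")
```

A Temp-folder hit is the item to investigate first; a "file missing" hit is usually just a stale entry from an uninstalled program, as the xpnetdiag and Version Cue entries above are.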

#10 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 08 March 2007 - 05:07 AM

hi adamdama,

good. can you run avg antispyware once, save the log and post it just to see if it digs up anything.

after the scan: If you have any infections you will be prompted, then select "Apply all actions". Next select the "Reports" icon at the top. Select the "Save report as" button in the lower left hand of the screen and save it to a text file somewhere so you can find it.

please post log in next reply. if there are a lot of cookies you can edit them out to keep it shorter.

shelf life
How Can I Reduce My Risk?



#11 adamdama

adamdama

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 08 March 2007 - 09:58 AM

AVG anti-spyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:58:57 08/03/2007

+ Scan result:

:mozilla.140:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.151:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.25:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.26:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.66:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.8:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.165:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.95:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.97:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.182:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.79:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.23:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.186:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.154:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.181:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.183:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.138:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.139:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.225:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.164:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.68:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.69:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.218:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.219:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.136:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.137:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.199:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.160:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.152:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.156:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.143:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.144:D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9ir1vra9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

::Report end

Edited by adamdama, 08 March 2007 - 10:02 AM.


#12 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 08 March 2007 - 04:59 PM

hi adamdama,

good. thanks for the info. avg flagged nothing but cookies, that's good


ACPI\ABT2005\3&61AAA01&0
seems to be an abit utility

from ABIT forum:
-------------------------------------------
Hi Guys, just registered and very new to the ABIT forum. Really need some help if possible. I have a

AW8 MAX mobo
Pentium Dual Core 3.2 Ghz
Gigyabyte 7800GTX
Seagate SATA Drive
1 GB Kingston Memory

I have installed XP Home Edition SP2 and all the updates.
Also used the ABIT Disk to install all drivers and the respective Gigabyte disk to install the graphics card drivers

The problem I am having is there is an unknown device in device manager and the hardware id says it is:

ACPI\ABT2005
*ABT2005

I would be grateful for any help

Thanks
-----------------------------------
:) I know I am posting my own reply but I found the answer: I ran the cd and selected the \ABIT UTILITY\ABIT Guru and ran setup - rebooted and xp recognised the hardware
----------------------------------
Sorry, it's the Guru microprocessor. you have to install that software for it to be recognized.


doesn't look like it's part of the problem. have you updated any drivers lately? sorry if you have answered these questions, i can't remember your other thread that Dough is working on.

shelf life
How Can I Reduce My Risk?

#13 adamdama

adamdama

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 08 March 2007 - 08:00 PM

not a problem mate. nope, i haven't changed anything in ages since i got it sorted and reformatted from a problem i had with 0x50 errors, but at least this time i can use safe mode. does not appear to be an obvious problem then? i appreciate any help you can offer. cheers, adam

#14 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • 3,191 posts

Posted 08 March 2007 - 08:42 PM

hi adamdama,

does not appear to be an obvious problem then

this: ACPI\ABT2005\3&61AAA01&0 does not appear to be.

did you run the clean ( option 2) of the smitfraudFix? can you post the log
-----------------------------------------
go to start>run and type in msconfig. under the boot.ini tab make sure safe mode isn't selected.
you getting any BSOD's (blue screens)?

shelf life
How Can I Reduce My Risk?

#15 adamdama

adamdama

    Authentic Member

  • Authentic Member
  • 25 posts

Posted 08 March 2007 - 09:11 PM

i did as your above post suggested and have cleared the error in the unknown device. i did another smitfraudfix clean and here is the log. thanks for your time. yeah, i am getting a BSOD every time i try to log into normal mode, the error code is 0x8e

SmitFraudFix v2.148

Scan done at 3:08:32.43, 09/03/2007
Run from D:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by adamdama, 08 March 2007 - 09:25 PM.
