
Thread: Ravmon.exe - USB hub!

  1. #11, Junior Member (Join Date: May 2008, Posts: 11)

    Hi,

    I've got some problems. The laptop for some reason has a really slow internet connection. We are using broadband and it is fine on this PC, which is on the same network (it got so bad I'm using this PC to write).

    Yeah, so I can't scan with Kaspersky because the internet is unusually slow - I mean, it's taking 7 minutes to load google.com! Something's amiss here.

    Also, this may be completely unrelated, but at the same time as this, I cannot open iTunes - it says it 'encountered a problem and has to close'.

  2. #12, Junior Member (Join Date: May 2008, Posts: 11)

    Oh yeah, when I say laptop I mean the laptop that was infected with RavMonE.

    Sorry, I couldn't find an edit button!

  3. #13, Malware Team-Emeritus (Join Date: Jul 2007, Location: Little Red Dot, Posts: 507)

    Hi,

    Please run Deckard's System Scanner again and post back the log.
    Tashi Delek. There is sunshine in a smile; those who never give up always have hope.

    Please do not message me for help. Create a new topic in the Malware Removal room instead.

  4. #14, Junior Member (Join Date: May 2008, Posts: 11)

    That's really strange: suddenly my internet is back up again (although a little bit slower) and guess what - iTunes works again.

    Errrm, I did a scan with dss.exe again:

    Deckard's System Scanner v20071014.68
    Run by Little Haze Barn on 2008-06-04 20:00:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- HijackThis (run as Little Haze Barn.exe) ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:00:45, on 04/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Windows\Imgtask.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Little Haze Barn\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HJT\LITTLE~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [ImgTask] C:\Windows\Imgtask.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/reso...PUplden-gb.cab
    O20 - Winlogon Notify: avgwlntf - C:\Windows\
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: BT Auto Backup Service (VaultClientSRV) - BT - C:\Program Files\BT Auto Backup\VaultClientSRV.exe
    O23 - Service: BT Auto Backup Upgrade Service (VaultClientUpgrade) - BT - C:\Program Files\BT Auto Backup\VaultClientUpgrade.exe

    --
    End of file - 7929 bytes

    -- Files created between 2008-05-04 and 2008-06-04 -----------------------------

    2008-06-03 22:33:56 0 d-------- C:\summaries
    2008-06-01 11:29:09 0 d-------- C:\Windows\regbackup
    2008-06-01 11:23:33 0 drahs---- C:\autorun.inf
    2008-05-28 09:28:22 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-27 12:40:01 0 d-------- C:\Program Files\Windows Live SkyDrive
    2008-05-26 16:51:41 0 d-------- C:\Users\All Users\Malwarebytes
    2008-05-26 16:51:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-21 23:00:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-17 14:48:38 0 d-------- C:\temp_phw
    2008-05-10 22:23:04 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-05 11:30:54 0 d-------- C:\Users\All Users\FLEXnet
    2008-05-05 02:22:00 0 d-------- C:\Program Files\Vstplugins
    2008-05-05 02:21:47 0 d-------- C:\Users\All Users\Sony
    2008-05-05 02:17:37 0 d-------- C:\Program Files\Sony Setup
    2008-05-05 01:10:26 0 d-------- C:\Program Files\r2 Studios


    -- Find3M Report ---------------------------------------------------------------

    2008-06-03 22:33:34 12 --a------ C:\Windows\bthservsdp.dat
    2008-06-01 20:30:00 0 d-------- C:\Program Files\JKDefrag
    2008-05-30 23:12:16 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\SiteAdvisor
    2008-05-29 21:30:46 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\OpenOffice.org2
    2008-05-28 15:58:12 0 d-------- C:\Program Files\BT Auto Backup
    2008-05-28 15:16:40 0 d-------- C:\Program Files\CCleaner
    2008-05-27 16:08:31 0 d-------- C:\Program Files\SpywareBlaster
    2008-05-26 16:51:51 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Malwarebytes
    2008-05-24 21:15:39 0 d-------- C:\Program Files\SiteAdvisor
    2008-05-21 23:01:40 0 d-------- C:\Program Files\TechSmith
    2008-05-21 23:00:47 0 d-------- C:\Program Files\Common Files
    2008-05-18 21:49:04 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-17 01:15:34 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\fltk.org
    2008-05-17 01:14:45 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\flightgear.org
    2008-05-13 22:45:34 0 d-------- C:\Program Files\FrostWire
    2008-05-13 19:29:45 0 d-------- C:\Program Files\Windows Mail
    2008-05-10 21:51:29 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
    2008-05-10 21:51:21 0 d-------- C:\Program Files\DVDVideoSoft
    2008-05-08 21:11:20 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Audacity
    2008-05-05 18:39:34 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-05 17:27:30 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Sony
    2008-05-05 16:16:42 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Publish Providers
    2008-05-05 11:31:41 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Adobe
    2008-05-05 03:40:09 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Download Manager
    2008-05-05 02:21:07 0 d-------- C:\Program Files\Sony
    2008-05-03 21:11:36 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\uTorrent
    2008-05-03 01:18:04 0 d-------- C:\Program Files\uTorrent
    2008-05-02 19:37:20 0 d-------- C:\Program Files\Paint.NET
    2008-04-30 21:13:32 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\KompoZer
    2008-04-30 21:12:50 0 d-------- C:\Program Files\Java
    2008-04-27 21:36:42 0 d-------- C:\Program Files\Common Files\TechSmith Shared
    2008-04-27 16:54:55 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\FrostWire
    2008-04-26 12:59:48 0 d-------- C:\Program Files\Common Files\INCA Shared
    2008-04-25 20:30:16 0 d-------- C:\Program Files\Alwil Software
    2008-04-23 22:27:45 0 d-------- C:\Program Files\MusicBrainz Picard
    2008-04-22 21:02:49 0 d-------- C:\Program Files\Mp3tag
    2008-04-19 23:25:55 0 d-------- C:\Program Files\DivX
    2008-04-19 19:59:04 0 d-------- C:\Program Files\Samsung
    2008-04-19 18:22:43 0 d-------- C:\Program Files\Realtek
    2008-04-19 11:55:16 174 --ahs---- C:\Program Files\desktop.ini
    2008-04-19 11:47:22 0 d-------- C:\Program Files\Windows Sidebar
    2008-04-19 11:47:22 0 d-------- C:\Program Files\Windows Calendar
    2008-04-19 11:47:21 0 d-------- C:\Program Files\Movie Maker
    2008-04-19 11:47:18 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-04-19 11:47:10 0 d-------- C:\Program Files\Windows Defender
    2008-04-16 23:05:04 0 d-------- C:\Program Files\Apple Software Update
    2008-04-16 21:39:06 0 d-------- C:\Program Files\Picasa2
    2008-04-16 21:03:19 0 d-------- C:\Program Files\Google
    2008-04-13 21:45:32 9910 --a------ C:\Windows\mozver.dat
    2008-04-13 21:43:36 118784 --a------ C:\Windows\SeaMonkeyUninstall.exe
    2008-04-13 21:43:22 118784 --a------ C:\Windows\GREUninstall.exe
    2008-04-12 13:30:40 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\Nikon
    2008-04-12 13:25:01 0 d-------- C:\Program Files\Common Files\muvee Technologies
    2008-04-12 13:24:58 0 d-------- C:\Program Files\Common Files\Nikon
    2008-04-12 13:24:45 0 d-------- C:\Program Files\Nikon
    2008-04-12 13:24:15 268 -rah----- C:\Users\Little Haze Barn\AppData\Roaming\Image Manipulation
    2008-04-11 19:40:15 0 d-------- C:\Users\Little Haze Barn\AppData\Roaming\AVG7
    2008-04-11 16:29:10 0 d-------- C:\Program Files\OpenOffice.org 2.4
    2008-04-11 16:23:40 0 d-------- C:\Program Files\iTunes
    2008-04-11 16:23:29 0 d-------- C:\Program Files\iPod
    2008-04-11 16:22:22 0 d-------- C:\Program Files\QuickTime
    2008-03-31 22:25:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-03-31 22:25:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-03-31 22:25:46 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-03-31 22:25:46 831488 --a------ C:\Windows\system32\divx_xx0a.dll
    2008-03-31 22:25:46 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-03-21 21:30:08 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-03-21 21:28:54 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-03-21 21:28:54 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-03-21 21:28:20 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
    2008-03-21 03:01:32 335 --a------ C:\Windows\nsreg.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [08/01/2007 14:26]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
    "ImgTask"="C:\Windows\Imgtask.exe" [13/12/2006 04:26]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\Windows\KHALMNPR.Exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [04/12/2007 22:03]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/04/2007 15:32 C:\Windows\KHALMNPR.Exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [4/24/2007 10:50:32 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)
    "EnableUIADesktopToggle"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoAddPrinter"=1 (0x1)
    "StartMenuLogOff"=1 (0x1)
    "NoSearchInternetInStartMenu"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    C:\Windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{394dad11-dc1a-11dc-bff7-00137763d39e}]
    AutoRun\command- F:\Imageviewer.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

    -- End of Deckard's System Scanner: finished at 2008-06-04 20:01:08 ------------

  5. #15, Malware Team-Emeritus (Join Date: Jul 2007, Location: Little Red Dot, Posts: 507)

    Hi,

    Please try running the Kaspersky scan.

  6. #16, Junior Member (Join Date: May 2008, Posts: 11)

    Hi,

    I ran Kaspersky, it says I'm all clean.

    Here's the log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, June 04, 2008 9:54:47 PM
    Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/06/2008
    Kaspersky Anti-Virus database records: 829085
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 91211
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:57:55

    Infected Object Name / Virus Name / Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\13dd4a9bcab428995deae8cdcd4807bc_08cb5b97-c65a-4d4d-909c-e33d951bbd9f Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.93.Crwl Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.93.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wsb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010028.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy380.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfD548.tmp Object is locked skipped

    Scan process completed.

  7. #17
    Malware Team-Emeritus
    Join Date
    Jul 2007
    Location
    Little Red Dot
    Posts
    507

    Default

    I missed your reply. I didn't get the notification.

    Your Kaspersky log looks good. Any issues?
    Tashi Delek. There is sunshine in a smile; those who never give up always have hope.

    Please do not message me for help. Create a new topic in the Malware Removal room instead.

  8. #18
    Junior Member
    Join Date
    May 2008
    Posts
    11

    Smile Thank You

    Nope, I can't see any problems.

    Thanks for all your help!

  9. #19
    Malware Team-Emeritus
    Join Date
    Jul 2007
    Location
    Little Red Dot
    Posts
    507

    Default

    Great!

    Delete tools used

    Since we are done with the cleaning up, the tools are no longer needed. Please remove them.

    Please delete these files and folder.

    C:\Users\Little Haze Barn\Desktop\dss.exe
    C:\Deckard
    Flash_Disinfector.exe
    fix.reg
    regbackup.bat

    Hide system files

    1. Click on Start > Control Panel.
    2. Double click on Folder Options.
    3. Select the View tab.
    4. Under Hidden files and folders, select Do not show hidden files and folders.
    5. Check (tick) these two boxes:
      • Hide extensions for known file types
      • Hide protected operating system files (Recommended)
    6. Click Yes when Windows prompts.
    7. Click OK to apply the settings.


    Create a new, clean System Restore point

    1. Click on Start > Control Panel.
    2. Double click on System.
    3. On the left, click on the System Protection link.
    4. At the bottom right hand corner, click on the Create... button.
    5. Give this System Restore point a descriptive name and click on Create.
    6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
    7. Click OK again to close the System Protection window. Then close Control Panel.


    Warning: Do not clear infected System Restore points before creating a new System Restore point first!

    Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


    Clear infected System Restore points

    1. Click on Start > All Programs > Accessories > System Tools.
    2. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
    3. Select your C drive and click OK.
    4. Select the More Options tab.
    5. Under System Restore and Shadow Copies, click on the Clean up... button.
    6. You will receive a prompt. Click on Delete to delete the old System Restore points.
    7. When done, click OK. You will receive another prompt. Click Delete Files to confirm.
    8. When done, Disk Cleanup will automatically close.
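The two procedures above can also be run from an elevated Windows PowerShell prompt, keeping the order the warning insists on: the script creates the new restore point, verifies it actually exists, and only then deletes the older shadow copies one at a time until just the newest remains (which is what Disk Cleanup's "Clean up..." button does). This is an added example, not from the thread or the helper; it assumes Windows PowerShell 2.0 or later (Checkpoint-Computer and Get-ComputerRestorePoint are not in PowerShell 7), System Protection enabled for C:, and the description text and drive letter are placeholders.

```powershell
# Added example (not from the thread). Run from an elevated Windows PowerShell
# prompt on Vista/7. Assumptions: System Protection is enabled for $drive;
# $desc is any text you choose for the new restore point.
$drive = 'C:'
$desc  = "Clean after malware removal $(Get-Date -Format 'yyyy-MM-dd HH:mm')"

function Get-ShadowCount {
    # vssadmin prints one "Shadow Copy ID:" line per shadow copy on the volume;
    # on Vista every System Restore point is stored as one of these shadow copies.
    $lines = & vssadmin list shadows /for=$drive 2>&1
    @($lines | Where-Object { $_ -match 'Shadow Copy ID' }).Count
}

# Step 1: create the new, clean restore point.
Checkpoint-Computer -Description $desc -RestorePointType 'MODIFY_SETTINGS'

# Safety check from the warning above: never clear old restore points unless the
# new one really exists, otherwise you would be left with nothing to roll back to.
$new = Get-ComputerRestorePoint | Where-Object { $_.Description -eq $desc }
if (-not $new) {
    throw "Restore point '$desc' was not created; refusing to delete the old ones."
}
Write-Host "Created restore point #$($new.SequenceNumber): $desc"

# Step 2: delete the oldest shadow copy until only one (the newest) remains.
$before = Get-ShadowCount
while (($count = Get-ShadowCount) -gt 1) {
    & vssadmin delete shadows /for=$drive /oldest /quiet | Out-Null
    if ((Get-ShadowCount) -eq $count) {
        # Nothing was removed (e.g. the copy is in use); stop instead of looping forever.
        Write-Warning "Could not delete the oldest shadow copy on $drive; stopping."
        break
    }
}
Write-Host "Shadow copies on ${drive}: $before before, $(Get-ShadowCount) after."
```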


    Here are some prevention tips. There's no need to install all programs recommended.

    Keep your system updated

    Update Windows

    Microsoft regularly releases patches for Windows and Office products to close loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

    Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

    To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ .

    Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs need regular updates too.

    Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

    Be careful when opening attachments and downloading files.

    1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
    2. Never open emails from unknown senders.
    3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
    4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.


    Surf safely

    Many of the exploits are directed to users of Internet Explorer and Firefox.

    Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

    If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

    For Internet Explorer 7

    Please read this article to configure Internet Explorer 7 properly.

    Backup regularly

    You never know when your PC will become unstable or become so infected that you can't recover it. Follow this article to learn how to back up. To restore them, see this article.

    If you are using Vista Business, Vista Ultimate or Vista Enterprise, you might want to back up your whole computer instead. See here on how to do it.

    To restore, see this tutorial.

    Avoid P2P

    P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

    Prevent a re-infection

    1. Winpatrol
      Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

      You can get a free copy of Winpatrol or use the Plus version for more features.

      You can read Winpatrol's FAQ if you run into problems.

    2. Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is a new and powerful anti-malware program. It scans and removes malware for free, but if you want real-time protection, you can pay a small one-time fee.

      Remember to update and scan with it regularly. A tutorial for using Malwarebytes' Anti-Malware can be found on BFC Computer Help.

      Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

    3. SiteHound Toolbar
      SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware, or has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


    Use an alternative email client

    If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

    Here are some more things to read about:

    List of clean and infected download managers
    Configuring Skype
    Greater email safety
    Phishing - what is it?
    Configuring Outlook Express
    The Unofficial Cookie FAQ
    Securing your home wireless network
    80 Super Security Tips
    The different classes of security software
    Tashi Delek. There is sunshine in a smile; those who never give up always have hope.

    Please do not message me for help. Create a new topic in the Malware Removal room instead.
