Had the hldrrr/wintems.exe virus,and still AV not runing

SagiLo · Jan 24, 2008

There is something really strage going on in my comp :|
I downloaded a file from eMule and it was a worm ,
all the AV i tried are not working
NOD32 - "cannot perform scan"
Spyware Doctor - "sdloader is not a valid win32 application"
ComboFix also giving me the same massege.
I googled for this "xxx.exe is not a valid win32 app" and i didnt find anything helpfull.
I tried to scan with "SpyEraser" which is a portable program and it ran OK.
After all that im in the same position more or less
i saw those 2 threads here :
http://forums.spybot.info/showthread.php?t=23073&page=2
http://forums.spybot.info/showthread.php?t=22682
I did what the guys there said (same solution on diffrent programs) and still . i cant run AV.
I cant see on my computer anything related to hldrrr/wintems after i deleted them (i deleted HLDRRR.exe through HIJD cause IceSword and Gmer didnt show me this file any where)
here is my HIJD and my Gmer logs :

I dont know what to do anymore , im really that close to just format :|
maybe someone here will be my saver !:angel:

btw
the Gmer log is splitted to 4 parts , it not 4 logs
sorry fot that :|

SagiLo · Jan 24, 2008

another something wrong:
when i restart the computer and trying to launch safemode
it loads the drivers and then restarts itself with no warning or alerting .
all that things (the restarts and the win32 app alerts) didnt happen before this worm !!!

pls pls pls help !!!!

Rorschach112 · Jan 24, 2008

Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Don't attach the report please

SagiLo · Jan 24, 2008

first of all
all the programs are runing back again ! (before the combofix)

Combo Log :
ComboFix 08-01-23.2 - Admin 01/24/2008 16:23:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1033.18.263 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fu1.exe
C:\WINDOWS\system32\setup_06801.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\nm

((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 14:27 436,256 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-24 14:27 3,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-24 14:27 16,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-24 14:27 10,364 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-24 14:12 --------- d-----w C:\Program Files\NOD32
2008-01-24 13:55 --------- d-----w C:\Program Files\ICQ
2008-01-24 13:40 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-24 13:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 17:31 --------- d-----w C:\Program Files\eMule
2008-01-21 05:16 --------- d-----w C:\Program Files\FlashGet
2008-01-20 19:37 --------- d-----w C:\Program Files\Trojan Remover
2008-01-20 10:38 --------- d-----w C:\Program Files\Muti ID3 Tag Editor
2008-01-12 22:27 --------- d-----w C:\Program Files\Nero
2008-01-12 22:27 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-12 15:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-12 15:47 --------- d-----w C:\Program Files\FlashFXP
2008-01-12 15:41 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-01-12 15:41 361,344 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-01-12 14:29 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-07 16:25 12,505,824 ----a-w C:\Program Files\signandverify.exe
2008-01-04 16:52 47,342 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-04 16:52 4,203 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-04 16:04 --------- d-----w C:\Program Files\Devious Codeworks
2008-01-04 15:45 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2007-12-31 15:18 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-31 15:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-31 15:18 --------- d-----w C:\Program Files\TP-LINK
2007-12-21 14:42 --------- d-----w C:\Program Files\DivX
2007-12-21 13:56 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus
2007-12-21 06:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 06:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 06:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-16 02:23 --------- d-----w C:\Program Files\PocketDVDStudio
2007-12-13 17:58 --------- d-----w C:\Program Files\CStrike_1.6
2007-12-11 20:31 --------- d-----w C:\Program Files\DIFX
2007-12-11 19:49 --------- d-----w C:\Program Files\ARAR
2007-12-10 12:53 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-10 12:53 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-10 12:53 41,864 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-10 12:53 29,576 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-12-09 11:38 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-12-07 13:12 --------- d-----w C:\Program Files\Your Uninstaller 2008
2007-12-07 11:35 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-02 07:40 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-02 07:40 --------- d-----w C:\Program Files\ACD Systems
2007-12-01 09:37 --------- d-----w C:\Program Files\MSBuild
2007-12-01 09:32 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-01 08:56 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-30 22:27 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2007-11-30 22:27 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2007-11-30 22:27 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2007-11-30 22:27 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2007-11-30 22:26 69,120 ----a-w C:\WINDOWS\notepad.exe
2007-11-30 22:26 50,688 ----a-w C:\WINDOWS\twain_32.dll
2007-11-30 22:26 32,866 ------w C:\WINDOWS\slrundll.exe
2007-11-30 22:26 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2007-11-30 22:26 146,432 ----a-w C:\WINDOWS\regedit.exe
2007-11-30 22:26 11,325 ------w C:\WINDOWS\system32\drivers\vchnt5.dll
2007-11-30 22:26 10,752 ----a-w C:\WINDOWS\hh.exe
2007-11-30 22:26 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2007-11-30 22:25 4,255 ------w C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-11-30 22:25 3,967 ------w C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-11-30 22:25 3,901 ------w C:\WINDOWS\system32\drivers\siint5.dll
2007-11-30 22:25 3,775 ------w C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-11-30 22:25 3,711 ------w C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-11-30 22:25 3,647 ------w C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-11-30 22:25 3,615 ------w C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-11-30 22:25 3,135 ------w C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-11-30 22:25 25,471 ------w C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-11-30 22:25 21,183 ------w C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-11-30 22:25 17,279 ------w C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-11-30 22:25 15,423 ------w C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-11-30 22:25 14,143 ------w C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-11-30 22:25 11,359 ------w C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-11-30 16:26 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2007-11-30 16:19 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2007-11-30 16:18 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2007-11-30 16:18 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2007-11-30 16:18 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2007-11-30 16:18 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2007-11-30 16:17 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2007-11-30 16:17 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2007-11-30 16:17 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2007-11-30 16:15 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2007-11-30 16:14 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2007-11-30 16:14 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-11-30 16:14 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2007-11-30 16:14 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2007-11-30 16:13 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2007-11-30 16:13 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2007-11-30 16:13 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-11-30 16:13 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2007-11-30 16:12 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2007-11-30 16:12 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-11-30 16:12 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2007-11-30 16:07 --------- d-----w C:\Program Files\RapidLeecher Ultimate 2007
2007-11-30 15:55 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2007-11-30 15:54 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-11-30 15:54 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2007-11-30 15:50 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/01/2007 12:26 AM 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM 1318912]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/21/2008 02:21 AM 686915]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM 1818624 C:\WINDOWS\mixer.exe]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [01/24/2008 12:45 PM 737872]
"egui"="C:\Program Files\NOD32\egui.exe" [12/21/2007 08:21 AM 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [12/01/2007 12:26 AM 15360]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"WMI Standard Event Consumer - Scripting"="C:\WINDOWS\System32\wbem\scrcons32.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [12/31/2007 5:18:18 PM 622592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting REG_SZ C:\WINDOWS\System32\wbem\scrcons32.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 10/10/2007 07:51 PM 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
C:\Program Files\AdVantage\AdVantage.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 12/01/2007 12:26 AM 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 12/28/2007 10:06 PM 2521088 C:\Program Files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 09/25/2007 10:10 AM 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 06/26/2006 04:13 PM 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 08/31/2007 12:01 PM 1037736 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a------ 10/14/2003 06:36 PM 38984 C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmsass]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
C:\Program Files\NOD32\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 01/12/2005 03:01 AM 32768 C:\Program Files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 11/01/2007 04:01 PM 160832 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 09/25/2007 01:11 AM 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMI Standard Event Consumer - Scripting]
C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=C:\Program Files\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [12/21/2007 08:21 AM]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [08/04/2004 07:29 AM]
S0 Ramdisk;Ramdisk Driver;C:\WINDOWS\system32\DRIVERS\ramdsk.sys [09/28/2004 04:00 AM]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [07/17/2002 09:05 AM]
S3 ati2mpaa;ati2mpaa;C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys [08/17/2001 02:48 PM]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys [08/17/2001 02:11 PM]
S3 netr73;TL-WN321G Wireless USB Adapter Driver for Vista;C:\WINDOWS\system32\DRIVERS\netr73.sys [01/04/2007 10:41 AM]
S3 nk4Seem;nk4Seem;C:\Documents and Settings\Admin\Desktop\Seem_v4.0.en\nk4Seem.sys [06/18/2006 06:08 PM]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [11/30/2007 05:31 PM]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-20 22:54:33 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- E:\Programs\Portable\SpyEraser_Portable\SpyEraser Portable\App\SpyEraser\SpyEraser.exe
"2008-01-24 10:40:34 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A860A66A-FF93-4FF4-AA6E-741273CED4BD}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 16:28:42
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

although everything works , there are still 2 problems
1. some of the programs almost stuck the computer (search&destroy for example)
2. i cant load my computer on safemode ! it loads te drivers and restart itself !!!
i hope you can help me !

HIJT log in next replay

SagiLo · Jan 24, 2008

HIJT log :
HIJT log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40, on 2008-01-24
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NOD32\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\NOD32\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193925644898
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A33A39B-4DA5-4131-9315-BAEE601C56F1}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A33A39B-4DA5-4131-9315-BAEE601C56F1}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A33A39B-4DA5-4131-9315-BAEE601C56F1}: NameServer = 10.0.0.138
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8091 bytes

SagiLo · Jan 24, 2008

although everything works , there are still 2 problems
1. some of the programs almost stuck the computer (search&destroy for example)
2. i cant load my computer on safemode ! it loads te drivers and restart itself !!! (as you can see in the combofix log)
i hope you can help me !

Rorschach112 · Jan 24, 2008

You still have other malware thats why

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

Download and run SafeBootKeyRepair-CF from:

http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe
or
http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair-CF.exe

It will take only a moment for it to run.
A log will be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply

Reboot and do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

SagiLo · Jan 24, 2008

here is the safeboot log :
Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\nm.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\UploadMgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

SagiLo · Jan 24, 2008

Here is the DSS log (2 reply's)

"extra.txt"

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) Processor
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 511.47 MiB / 284.37 MiB
Pagefile Memory (total/avail): 1248.18 MiB / 1085.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1882.55 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 7.04 GiB free.
D: is Fixed (NTFS) - 31.24 GiB total, 1.55 GiB free.
E: is Fixed (NTFS) - 23.74 GiB total, 9.09 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJA0 - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended Partition - 54.99 GiB - D: - E:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAGI-NE1E0WRZ4B
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\SAGI-NE1E0WRZ4B
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=SAGI-NE1E0WRZ4B
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Admin (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040D-0000-0000000FF1CE} /uninstall {5159E1AC-E76D-4654-9C02-F1D519420853}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0419-0000-0000000FF1CE} /uninstall {D7CE14BC-96D9-41C5-822D-F5B1C2C35AA2}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040D-0000-0000000FF1CE} /uninstall {7D4CA703-DCAF-4E3E-876B-6941FE5E8C42}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {B103ABDA-7A7B-47CE-A08D-F3B1CFD75B9F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-040D-0000-0000000FF1CE} /uninstall {A004FD0A-0163-4D95-8202-9D2BDB050610}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ACDSee 10 Photo Manager --> MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Advanced RAR Repair v1.1 --> C:\PROGRA~1\ARAR\UNWISE.EXE C:\PROGRA~1\ARAR\INSTALL.LOG
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Alex Buturuga - Muti ID3 Tag Editor 1.3b1 --> "C:\Program Files\Muti ID3 Tag Editor\uninstall.exe"
BS.Player PRO --> "C:\Program Files\BSplayerPro\uninstall.exe"
Duplicate File Detective v1.5 --> "C:\Program Files\Duplicate File Detective\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
File Renamer - Basic --> C:\WINDOWS\File Renamer - Basic Uninstaller.exe
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.5.3 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Office Access MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-0015-040D-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-0016-040D-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-0114-040D-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-0044-040D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-00A1-040D-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-001A-040D-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-0018-040D-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Hebrew) 2007 --> MsiExec.exe /X{90120000-001F-040D-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007 --> MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proofing (Hebrew) 2007 --> MsiExec.exe /X{90120000-002C-040D-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-0019-040D-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-006E-040D-0000-0000000FF1CE}
Microsoft Office Word MUI (Hebrew) 2007 --> MsiExec.exe /X{90120000-001B-040D-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Micro v8.0.3.0 --> "C:\Program Files\Nero\unins000.exe"
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\NOD32\unins000.exe"
PCI Audio Driver --> cmuninst.exe
PlaylistSync --> MsiExec.exe /I{E8D34308-59B5-4C67-9AA7-DC15114B2DB3}
Pocket-DVD Studio(remove only) --> "C:\Program Files\PocketDVDStudio\bt-uninst.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
TL-WN321G Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B468AE7B-C667-4073-BED8-EAD17D5EE08C}\setup.exe" -l0x9 -removeonly
Totalidea RAM-Disk Driver --> MsiExec.exe /I{C184D1AB-53A1-42D9-9ECA-109F6DEE8EF3}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type861 / Warning
Event Submitted/Written: 01/24/2008 06:39:34 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type858 / Error
Event Submitted/Written: 01/24/2008 05:30:17 PM
Event ID/Source: 1021 / MsiInstaller
Event Description:
Product: Microsoft Office Enterprise 2007 - Update '2007 Microsoft Office Suite Service Pack 1 (SP1)' could not be removed. Error code 1646. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event Record #/Type844 / Error
Event Submitted/Written: 01/24/2008 04:11:03 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: ESET NOD32 Antivirus -- A more recent version of ESET NOD32 Antivirus is already installed on this computer.

Event Record #/Type841 / Error
Event Submitted/Written: 01/21/2008 07:52:53 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3264, faulting module kernel32.dll, version 5.1.2600.3264, fault address 0x00085000.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type839 / Error
Event Submitted/Written: 01/20/2008 11:13:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16574, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3448 / Warning
Event Submitted/Written: 01/24/2008 06:41:44 PM
Event ID/Source: 825 / Rasman
Event Description:
The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

Event Record #/Type3447 / Error
Event Submitted/Written: 01/24/2008 06:41:44 PM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type3433 / Warning
Event Submitted/Written: 01/24/2008 06:02:12 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP Officejet 5600 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku12.dll, hpzpm312.dll, hpop5612.dat, hpfmom12.hlp, hpzimc12.dll, hpzstw12.exe, hpzslk12.dll, hpzr3212.dll, hpzrm312.dll, hpzcon12.dll, hpzcfg12.exe, hpzeng12.exe, hpzflt12.dll, hpzime12.dll, hpzjui12.dll, hpzpre12.exe, hpzres12.dll, hpzstc12.exe, hpztbi12.dll, hpztbu12.exe, hpztbx12.exe, hpzlnt12.dll, hpzsnt12.dll, hpzcoi12.dll, hpzvip12.dll, hpzims12.dll, hpzpcl12.dll, hpofax08.dll, hpof5612.dat.

Event Record #/Type3427 / Warning
Event Submitted/Written: 01/24/2008 04:51:26 PM
Event ID/Source: 825 / Rasman
Event Description:
The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAPAgent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

Event Record #/Type3426 / Error
Event Submitted/Written: 01/24/2008 04:51:26 PM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

-- End of Deckard's System Scanner: finished at 2008-01-24 18:59:12 ------------

SagiLo · Jan 24, 2008

here is the second dss log :

main.txt
Deckard's System Scanner v20071014.68
Run by Admin on 2008-01-24 18:50:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
23: 2008-01-24 16:50:42 UTC - RP70 - Deckard's System Scanner Restore Point
22: 2008-01-24 16:18:48 UTC - RP69 - Before uninstall WeatherPanel
21: 2008-01-24 16:12:33 UTC - RP68 - Before uninstall Spyware Doctor 5.1
20: 2008-01-24 15:46:43 UTC - RP67 - Before uninstall Microsoft Office Enterprise 2007
19: 2008-01-24 15:46:19 UTC - RP66 - Before uninstall Update for Outlook 2007 Junk Email Filter (kb943597)

-- First Restore Point --
1: 2008-01-20 10:00:03 UTC - RP48 - Removed Nokia Connectivity Cable Driver‎19:09 ‎2008-‎01-‎2412ג'ק

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52, on 2008-01-24
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NOD32\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\NOD32\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\wbem\scrcons32.exe (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: &הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193925644898
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A33A39B-4DA5-4131-9315-BAEE601C56F1}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A33A39B-4DA5-4131-9315-BAEE601C56F1}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A33A39B-4DA5-4131-9315-BAEE601C56F1}: NameServer = 10.0.0.138
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8043 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 sr (System Restore Filter Driver) - c:\windows\\systemroot\system32\drivers\sr.sys (file missing)
R3 RT73 (TL-WN321G USB Wireless Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>

S0 Ramdisk (Ramdisk Driver) - c:\windows\system32\drivers\ramdsk.sys <Not Verified; Totalidea Software; RAMDisk>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 catchme - c:\docume~1\admin\locals~1\temp\catchme.sys (file missing)
S3 netr73 (TL-WN321G Wireless USB Adapter Driver for Vista) - c:\windows\system32\drivers\netr73.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>
S3 nk4Seem - c:\documents and settings\admin\desktop\seem_v4.0.en\nk4seem.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 NMIndexingService -

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&29E598EC&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&29E598EC&0&0
Service: flpydisk

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: CMI8738/C3DX PCI Audio Device
Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_80E21043&REV_10\3&61AAA01&0&28
Manufacturer: C-Media
Name: CMI8738/C3DX PCI Audio Device
PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_80E21043&REV_10\3&61AAA01&0&28
Service: cmpci

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 4211 iLine10(tm) Network Adapter
Device ID: PCI\VEN_14E4&DEV_4211&SUBSYS_60001186&REV_00\3&61AAA01&0&58
Manufacturer: Broadcom
Name: Broadcom 4211 iLine10(tm) Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4211&SUBSYS_60001186&REV_00\3&61AAA01&0&58
Service: BCM42XX

Class GUID: {78A1C341-4539-11D3-B88D-00C04FAD5171}
Description: Totalidea Ramdisk
Device ID: ROOT\UNKNOWN\0030
Manufacturer: Totalidea
Name: Totalidea Ramdisk
PNP Device ID: ROOT\UNKNOWN\0030
Service: Ramdisk

SagiLo · Jan 24, 2008

-- Scheduled Tasks -------------------------------------------------------------

2008-01-24 12:40:34 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A860A66A-FF93-4FF4-AA6E-741273CED4BD}.job
2008-01-21 00:54:33 490 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-01-11 17:15:00 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job

-- Files created between 2007-12-24 and 2008-01-24 -----------------------------

2008-01-24 18:42:52 1213206 --a------ C:\SDFix.exe
2008-01-24 16:40:39 0 d-------- C:\Program Files\Trend Micro
2008-01-24 15:43:15 0 d-------- C:\Documents and Settings\Admin\.housecall6.6
2008-01-24 15:38:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-24 15:38:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-24 13:49:03 0 d-------- C:\Registery Backup
2008-01-24 12:43:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-24 12:43:27 0 d-------- C:\Documents and Settings\Admin\Application Data\PrevxCSI
2008-01-21 00:59:22 16928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-21 00:59:22 436256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-20 22:27:33 0 d-------- C:\Documents and Settings\Admin\Application Data\Uniblue
2008-01-20 22:27:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-20 20:05:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 00:56:36 0 d-------- C:\Documents and Settings\Admin\Application Data\Nero
2008-01-13 00:44:24 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-01-13 00:27:49 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-04 18:52:51 47342 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-04 18:47:56 4203 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-04 18:46:39 0 d-------- C:\WINDOWS\Crystal Clear
2008-01-04 18:46:39 0 d-------- C:\WINDOWS\BricoPacks
2008-01-04 18:04:49 0 d-------- C:\Program Files\Devious Codeworks
2008-01-03 18:08:30 0 d-------- C:\Documents and Settings\Admin\Application Data\TuneUp Software
2007-12-31 17:18:57 290918 --a------ C:\WINDOWS\system32\Install7x.dll <Not Verified; ; Install Dynamic Link Library>
2007-12-31 17:18:57 245376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.SYS <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
2007-12-31 17:18:57 311296 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2007-12-31 17:18:57 138 --a------ C:\WINDOWS\filespec7x
2007-12-31 17:18:56 252928 --a------ C:\WINDOWS\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
2007-12-31 17:18:56 2048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2007-12-31 17:18:13 0 d-------- C:\Program Files\TP-LINK
2007-12-31 17:07:12 255488 -ra------ C:\WINDOWS\system32\drivers\netr73.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless Adapters>

-- Find3M Report ---------------------------------------------------------------

2008-01-24 18:39:27 0 d-------- C:\Program Files\FlashGet
2008-01-24 18:18:51 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-24 16:35:15 0 d-------- C:\Program Files\Common Files
2008-01-24 16:28:45 0 d-------- C:\Program Files\NOD32
2008-01-24 15:55:08 0 d-------- C:\Program Files\ICQ
2008-01-22 19:31:49 0 d-------- C:\Program Files\eMule
2008-01-20 12:38:13 0 d-------- C:\Program Files\Muti ID3 Tag Editor
2008-01-14 18:51:28 0 d-------- C:\Documents and Settings\Admin\Application Data\Nokia
2008-01-14 18:47:39 0 d-------- C:\Documents and Settings\Admin\Application Data\PC Suite
2008-01-13 00:27:42 0 d-------- C:\Program Files\Nero
2008-01-13 00:25:58 0 d-------- C:\Program Files\Movie Maker
2008-01-12 18:47:50 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-01-12 17:47:19 0 d-------- C:\Program Files\FlashFXP
2008-01-04 18:52:50 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-04 17:45:03 0 d-------- C:\Program Files\Tweak-XP Pro 4
2007-12-31 17:18:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-21 18:43:06 0 d-------- C:\Program Files\Messenger
2007-12-21 16:42:22 0 d-------- C:\Program Files\DivX
2007-12-21 16:41:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Orbit
2007-12-21 15:56:58 0 d-------- C:\Program Files\Serials 2000 7.1 Plus
2007-12-21 13:15:59 0 d-------- C:\Program Files\Windows NT
2007-12-21 12:11:23 0 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2007-12-16 17:45:34 0 d-------- C:\Documents and Settings\Admin\Application Data\U3
2007-12-16 04:23:28 0 d-------- C:\Program Files\PocketDVDStudio
2007-12-12 00:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-12 00:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-12 00:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-12 00:33:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-12-12 00:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-12 00:33:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-12 00:33:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-12 00:32:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-11 22:31:51 0 d-------- C:\Program Files\DIFX
2007-12-11 22:04:34 0 d-------- C:\Documents and Settings\Admin\Application Data\Help
2007-12-11 21:49:42 0 d-------- C:\Program Files\ARAR
2007-12-09 13:38:31 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-07 15:46:28 0 d-------- C:\Documents and Settings\Admin\Application Data\ACD Systems
2007-12-07 15:12:07 0 d-------- C:\Program Files\Your Uninstaller 2008
2007-12-07 13:35:34 0 d-------- C:\Program Files\Windows Desktop Search
2007-12-02 09:40:33 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-12-02 09:40:19 0 d-------- C:\Program Files\ACD Systems
2007-12-02 01:41:08 10653 --a------ C:\Documents and Settings\Admin\Application Data\ערכים מופרדים באמצעות פסיקים (Windows).CAL
2007-12-01 11:37:57 0 d-------- C:\Program Files\MSBuild
2007-12-01 11:32:05 0 d-------- C:\Program Files\Microsoft.NET
2007-12-01 10:56:36 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-30 18:07:54 0 d-------- C:\Program Files\RapidLeecher Ultimate 2007
2007-11-30 15:57:45 0 d-------- C:\Documents and Settings\Admin\Application Data\CyberLink
2007-11-30 15:19:54 0 d-------- C:\Program Files\PowerDVD
2007-11-30 13:15:30 0 d-------- C:\Program Files\Nokia PC Suite
2007-11-30 02:43:01 0 d-------- C:\Program Files\Video to iPod MP4 PSP 3GP Converter
2007-11-30 02:15:02 0 d-------- C:\Program Files\Live_TV
2007-11-25 01:54:41 0 d-------- C:\Program Files\HMONOPOLY for Pocket PC
2007-11-25 01:35:07 0 d-------- C:\Program Files\ZIO Interactive
2007-11-25 01:34:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-24 11:56:07 0 d-------- C:\Program Files\Duplicate File Detective
2007-11-10 15:08:16 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2007-11-08 17:43:40 2508 --a------ C:\Documents and Settings\Admin\Application Data\$_hpcst$.hpc
2007-11-02 02:14:40 120499 --a------ C:\WINDOWS\File Renamer - Basic Uninstaller.exe
2007-11-02 01:42:54 592 --a------ C:\WINDOWS\chgkey.vbs
2007-11-01 16:24:15 72 --a------ C:\WINDOWS\system32\i
2007-11-01 16:06:38 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini
2007-11-01 14:42:46 0 -rahs---- C:\MSDOS.SYS
2007-11-01 14:42:46 0 -rahs---- C:\IO.SYS
2007-11-01 14:42:46 0 --a------ C:\CONFIG.SYS
2007-11-01 14:42:46 0 --a------ C:\AUTOEXEC.BAT
2007-11-01 14:37:54 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [10/15/2002 06:00 PM C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\NOD32\egui.exe" [12/21/2007 08:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/01/2007 12:26 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [06/26/2006 04:13 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\wbem\scrcons32.exe
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TL-WN321G Wireless Utility.lnk - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [12/31/2007 5:18:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WMI Standard Event Consumer - Scripting"= C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Program Files\AdVantage\AdVantage.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmsass]
mmdmm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
C:\Program Files\NOD32\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMI Standard Event Consumer - Scripting]
C:\WINDOWS\System32\wbem\scrcons32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=C:\Program Files\Nokia PC Suite\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-01-24 18:59:12 ------------

SagiLo · Jan 24, 2008

About the SDfix :
as i said , i cant boot the computer on safemode so i cant do the scan
when i run it from the windows regulary i cant press y and i dont have this option .

thank you .
i hope that the logs are not too long |:

Rorschach112 · Jan 24, 2008

I should have fixed your Safe Mode keys

Try SDFix now

Had the hldrrr/wintems.exe virus,and still AV not runing

SagiLo

New member

SagiLo

New member

Rorschach112

Retired Security Volunteer

SagiLo

New member

SagiLo

New member

SagiLo

New member

Rorschach112

Retired Security Volunteer

SagiLo

New member

SagiLo

New member

SagiLo

New member

SagiLo

New member

SagiLo

New member

Rorschach112

Retired Security Volunteer