Help - Search - Members - Calendar
Full Version: xp 2008 antivirus
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
prat
Aug 3 2008, 08:03 AM
hey please help me out...
i was searching for a spyware doctor crack and ended up downloading this file from some link thru google.
the file name was setup 1.031 blah blah and happened to execute it.......avast detected it as a vbs malware kinda file...i went to safe mode and deleted tht setup file from my computer but it would still show tht war ning msg after..."virus or spyware detected..."...and this funny thing has now installed something called this xp 2008 antivirus with no option of exit or delete my spyware doctor detected it some infection...said it fixed it on clicking...but NOT! then i entered the virus name in google and relevantly found this thread...read thru a bit of devin's problem and have accordingly pasted this log....see if u can help me in some way....please...
thanks a ton



Deckard's System Scanner v20071014.68
Run by Prathamesh on 2008-08-03 20:15:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
78: 2008-08-03 14:45:46 UTC - RP117 - Deckard's System Scanner Restore Point
77: 2008-08-03 12:12:07 UTC - RP116 - System Checkpoint
76: 2008-08-01 18:46:14 UTC - RP115 - System Checkpoint
75: 2008-07-31 12:08:30 UTC - RP114 - System Checkpoint
74: 2008-07-29 14:15:48 UTC - RP113 - System Checkpoint


-- First Restore Point --
1: 2008-05-04 08:50:56 UTC - RP40 - System Checkpoint


Backed up registry hives.

System Drive C: has 3.3 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-03 20:16:51
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\rhc1koj0e16a\rhc1koj0e16a.exe
C:\WINDOWS\system32\pphc5koj0e16a.exe
C:\Documents and Settings\Prathamesh\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\WINDOWS\system32\byXpoPih.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: Megaupload Toolbar - {EEE17712-987E-4424-A00C-9DA0BC4E2078} - C:\WINDOWS\system32\MEGAUPL.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Sound] exp2.64.exe
O4 - HKLM\..\Run: [lphc5koj0e16a] C:\WINDOWS\system32\lphc5koj0e16a.exe
O4 - HKLM\..\Run: [SMrhc1koj0e16a] C:\Program Files\rhc1koj0e16a\rhc1koj0e16a.exe
O4 - HKLM\..\RunServices: [Windows Sound] exp2.64.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: byXpoPih - C:\WINDOWS\system32\byXpoPih.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


--
End of file - 10123 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 LANPkt (Realtek LANPkt Protocol) - c:\windows\system32\drivers\lanpkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 GMSIPCI - f:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-03 19:54:45 94208 --a------ C:\WINDOWS\system32\pphc5koj0e16a.exe
2008-08-03 19:54:45 0 d-------- C:\Documents and Settings\Prathamesh\Application Data\rhc1koj0e16a
2008-08-03 19:54:37 0 d-------- C:\Program Files\rhc1koj0e16a
2008-08-03 19:33:15 0 d-------- C:\WINDOWS\pss
2008-08-03 19:03:31 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-08-03 19:03:30 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-08-03 19:02:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-08-03 19:00:23 114176 --a------ C:\WINDOWS\system32\lphc5koj0e16a.exe
2008-08-03 18:56:34 18944 --a------ C:\WINDOWS\system32\MEGAUPL.dll
2008-07-29 14:03:33 0 d-------- C:\Documents and Settings\Prathamesh\.GalleryRemote
2008-07-05 11:24:18 0 d--hs---- C:\found.000


-- Find3M Report ---------------------------------------------------------------

2008-08-03 18:50:32 0 d-------- C:\Program Files\Spyware Doctor
2008-08-03 00:55:41 0 d-------- C:\Program Files\PokerStars
2008-07-19 17:06:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 01:08:22 0 d-------- C:\Program Files\Chesspark
2008-07-14 01:08:22 0 d-------- C:\Documents and Settings\Prathamesh\Application Data\chesspark
2008-06-06 14:09:10 0 d-------- C:\Program Files\Realtek
2008-06-06 14:08:46 0 d-------- C:\Documents and Settings\Prathamesh\Application Data\InstallShield
2008-06-06 12:37:02 0 d-------- C:\Program Files\MSI
2008-06-03 12:46:51 0 d-------- C:\Documents and Settings\Prathamesh\Application Data\Media Player Classic
2008-05-29 14:26:36 114688 --a------ C:\Documents and Settings\Prathamesh\Application Data\upgrader.exe
2008-05-26 02:23:19 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-25 23:29:13 12896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-12 10:49:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-06 11:31:28 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
03/20/2008 04:06 AM 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
C:\WINDOWS\system32\byXpoPih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
04/30/2008 12:33 PM 1470488 --a------ C:\Program Files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE17712-987E-4424-A00C-9DA0BC4E2078}]
08/03/2008 06:56 PM 18944 --a------ C:\WINDOWS\system32\MEGAUPL.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfre1.dll [04/30/2008 12:33 PM 1470488]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [03/20/2008 04:06 AM 1267040]

[-HKEY_CLASSES_ROOT\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [05/16/2006 03:34 PM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 02:51 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 04:13 PM C:\WINDOWS\Alcmtr.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 08:08 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 12:05 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [10/04/2007 06:38 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [09/25/2006 09:12 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"Windows Sound"="exp2.64.exe" []
"lphc5koj0e16a"="C:\WINDOWS\system32\lphc5koj0e16a.exe" [08/03/2008 07:00 PM]
"SMrhc1koj0e16a"="C:\Program Files\rhc1koj0e16a\rhc1koj0e16a.exe" [08/01/2008 02:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Sound"=exp2.64.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\byXpoPih.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXpoPih]
byXpoPih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a1df17a-27e0-11dd-9802-0019db65f89c}]
AutoRun\command- G:\fooool.exe
explore\Command- G:\fooool.exe
open\Command- G:\fooool.exe




-- End of Deckard's System Scanner: finished at 2008-08-03 20:17:27 ------------

HKEd
Aug 3 2008, 08:30 PM
Sorry, prat, we cannot help anyone whose computer became infected from cracks of any kind.
prat
Aug 4 2008, 12:18 PM
QUOTE(HKEd @ Aug 4 2008, 09:00 AM) *

Sorry, prat, we cannot help anyone whose computer became infected from cracks of any kind.



well if it was a crack i would not have asked u guys....
the fact that it is a virus makes me do so....
i will greatly appreciate if i get any help on this one
HKEd
Aug 4 2008, 07:04 PM
It purported to be a crack, but turned out to be a virus. So that makes it OK? Not in my book.

However, I'll cut you a little slack.

I'll split your topic from Devin's and take it from there.
HKEd
Aug 4 2008, 07:10 PM
We'll start with MBAM:

Download Malwarebytes Anti-Malware to the desktop.
    * Double-click on Download_mbam-setup.exe to install the application.
    * When the installation begins, follow the prompts and do not make any changes to default settings.
    * When installation has finished, make sure you leave both these checked:
    o Update Malwarebytes Anti-Malware
    o Launch Malwarebytes Anti-Malware
    * Then click Finish.
    * MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    * On the Scanner tab:
    o Make sure the "Perform Full Scan" option is selected.
    o Then click on the Scan button.
    * The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
    * The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    * When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    * Click OK to close the message box and continue with the removal process.
    * Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    * Make sure that everything is checked, and click Remove Selected.
    * When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    * The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    * Copy and paste the contents of that report in your next reply along with a fresh HijackThis log.
NB - If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.
jol
Aug 6 2008, 05:57 AM
do a avast boot scan and delete all files if a system file is infected , put the so cd in your cd drive and click repair , I do not think it will be necessary for a repair of the os
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2008 Invision Power Services, Inc.