Tech Support Forum
Hello
I am new on this forum, sorry if I didn't release sufficient info and logfiles.

Some info:
I am connected to a LAN that contains thousands of PCs and has a high internet speed (10mb/s); I also get many attacks from many IP addresses every 10 min.
My dxdiag log for more info:
[attachment: DxDiag.txt]

How it happened:
One day when I turned my PC on I saw the "network cable unplugged" icon in the tray.
That was very weird for me because my cable was plugged in; then I did some shutdowns and after 5 times the network was back on.
I thought either my network card had broken, or I had problems with drivers, or even something more serious. Reinstalling the mainboard drivers didn't help, and I proceeded to reinstall my OS in the hope that this would fix the problem. But I was very surprised that this didn't help either. I searched the net about this problem and found that it can be a consequence of a virus. I scanned my PC a few times and my antivirus detected multiple threats.
I fixed them all, but there were some in System Volume Information on drive D:\ which my antivirus was unable to fix.
The network problem was solved.
Since I changed my antivirus to NOD32 I have seen that it blocks a connection to one site every time I launch .exe applications.
Here is the log of one of the attacks:
31.05.2008 20:56:27 HTTP filter file http://info.cnbb.com.cn/css/wse.zip probably a variant of Win32/Genetik trojan connection terminated - quarantined RAIZEN\Shinobu Threat was detected upon access to web by the application: D:\INSTALL\Other\Everest\Everest Dictionaries\Dictionary-1\Everest.exe.
And it was strange to me that in almost every folder there was a file named wsock32.dll.tmp. After a while, when I found that my download manager was being tracked by someone from the network and my internet browsing was so slow, I was forced to install a firewall (I installed Sunbelt Kerio Personal Firewall, then I changed to Outpost because of too much CPU usage).
Today (lucky for me) I found out how to open System Volume Information and delete the virus manually (which the antivirus was unable to do).
I cleaned System Volume Information, scanned my PC a few times, and reinstalled the OS. The system was free of viruses and I wanted to renew the OS to keep it clean.
After the reinstall, the system sent me a message:
Some system files were changed; to maintain system stability please insert the original Windows CD to restore the files to their original state.
I inserted it but nothing happened.
And after 2 minutes my system was full again of these wsock32.dll.tmp files and attempts to connect to that malicious site.

P.S. - Sorry for my bad English.

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:36, on 31.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shinobu\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel (Export to Microsoft Excel) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы (Reference materials) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{2592DD26-8C88-40A8-974C-3697CEEE823D}: NameServer = 87.248.160.5,217.26.150.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2592DD26-8C88-40A8-974C-3697CEEE823D}: NameServer = 87.248.160.5,217.26.150.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 5560 bytes
Deckard's System Scanner:

Main
------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by Shinobu on 2008-05-31 22:19:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
18: 2008-05-31 18:44:46 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2008-05-31 14:53:22 UTC - RP17 - Installed Adobe Reader 8
16: 2008-05-31 14:46:55 UTC - RP16 - Installed Microsoft Office - Professional Edition version 2003
15: 2008-05-31 14:36:44 UTC - RP15 - Installed ACDSee 8
14: 2008-05-31 14:11:59 UTC - RP14 - Installed ESET NOD32 Antivirus


-- First Restore Point --
1: 2008-05-31 12:53:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Shinobu.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:37, on 31.05.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\Shinobu\Desktop\dss.exe
C:\DOCUME~1\Shinobu\Desktop\Shinobu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel (Export to Microsoft Excel) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы (Reference materials) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{2592DD26-8C88-40A8-974C-3697CEEE823D}: NameServer = 87.248.160.5,217.26.150.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2592DD26-8C88-40A8-974C-3697CEEE823D}: NameServer = 87.248.160.5,217.26.150.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 4725 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: MPU-401 Compatible MIDI Device
Device ID: ACPI\PNPB006\4&1ABADB41&0
Manufacturer: Microsoft
Name: MPU-401 Compatible MIDI Device
PNP Device ID: ACPI\PNPB006\4&1ABADB41&0
Service: ms_mpu401


-- Files created between 2008-04-30 and 2008-05-31 -----------------------------

2008-05-31 22:18:12 0 d-------- C:\WINDOWS\pss
2008-05-31 19:25:39 0 d-------- C:\Program Files\Freelancer Account Manager
2008-05-31 18:42:35 0 d-------- C:\Program Files\Winamp
2008-05-31 18:40:01 0 d--hs---- C:\WINDOWS\Installer
2008-05-31 18:40:00 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-31 18:39:57 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-31 18:39:56 0 dr------- C:\Program Files
2008-05-31 18:39:56 0 d-------- C:\Program Files\Common Files
2008-05-31 18:39:32 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-31 18:39:32 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-31 18:39:32 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-31 18:39:32 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-31 18:39:32 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-31 18:39:32 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-31 18:39:32 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-31 18:39:32 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-31 18:39:32 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-31 18:39:32 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-31 18:39:32 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-31 18:39:32 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-31 18:39:32 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-31 18:39:32 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-31 18:39:32 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-31 18:39:32 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-31 18:39:22 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-31 18:39:22 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-31 18:39:16 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-31 18:39:16 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-31 18:39:16 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-31 18:39:16 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-31 18:39:00 0 d-------- C:\Documents and Settings
2008-05-31 18:38:59 0 d--hs---- C:\System Volume Information
2008-05-31 18:33:28 0 d-------- C:\WINDOWS
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\WinSxS
2008-05-31 18:33:28 0 dr------- C:\WINDOWS\Web
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\twain_32
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\wins
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\wbem
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\usmt
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\spool
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\Setup
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\scripting
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\ras
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\oobe
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\npp
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\mui
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\IME
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\ias
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\export
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\en
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\drivers
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-31 18:33:28 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\config
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\3076
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\2052
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1054
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1042
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1041
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1037
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1033
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1031
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1028
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system32\1025
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\system
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\security
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Resources
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\repair
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Provisioning
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\PeerNet
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\pchealth
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Network Diagnostic
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\mui
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\msapps
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\msagent
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Media
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\L2Schemas
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\java
2008-05-31 18:33:28 0 d--h----- C:\WINDOWS\inf
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\ime
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Help
2008-05-31 18:33:28 0 dr--s---- C:\WINDOWS\Fonts
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\ehome
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Driver Cache
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Debug
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Cursors
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\Config
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\AppPatch
2008-05-31 18:33:28 0 d-------- C:\WINDOWS\addins
2008-05-31 18:02:40 0 d-------- C:\Program Files\AIMP2
2008-05-31 17:53:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-31 17:53:23 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-31 17:48:51 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Macromedia
2008-05-31 17:48:50 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Adobe
2008-05-31 17:46:58 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-31 17:46:57 0 d-------- C:\Program Files\Microsoft.NET
2008-05-31 17:40:47 65024 --a------ C:\WINDOWS\muninst.exe <Not Verified; www.video-soft.com; Micro Uninstaller>
2008-05-31 17:40:47 0 d-------- C:\Program Files\Light Alloy
2008-05-31 17:37:11 0 d-------- C:\Documents and Settings\Shinobu\Application Data\ACD Systems
2008-05-31 17:36:46 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-31 17:36:45 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-31 17:36:45 0 d-------- C:\Program Files\ACD Systems
2008-05-31 17:30:20 0 d-------- C:\Program Files\QIP
2008-05-31 17:29:25 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Skype
2008-05-31 17:29:23 0 d-------- C:\Program Files\Common Files\Skype
2008-05-31 17:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 17:29:13 0 d-------- C:\Program Files\Skype
2008-05-31 17:26:26 0 d-------- C:\Documents and Settings\Shinobu\Application Data\uTorrent
2008-05-31 17:26:23 0 d-------- C:\Program Files\uTorrent
2008-05-31 17:25:41 157696 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-31 17:25:37 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-31 17:25:37 856064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-31 17:25:37 568850 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-05-31 17:25:37 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-05-31 17:25:37 286720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-05-31 17:25:37 1024000 --a------ C:\WINDOWS\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-05-31 17:25:36 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-31 17:25:32 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-31 17:25:32 619156 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 17:25:31 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 17:22:20 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-05-31 17:22:20 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-05-31 17:22:20 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 17:22:20 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 17:22:20 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-31 17:22:14 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Nero AG; Nero AG NeroCheck>
2008-05-31 17:21:43 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-31 17:21:43 0 d-------- C:\Program Files\Ahead
2008-05-31 17:11:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-31 17:06:19 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Sony Ericsson
2008-05-31 17:06:15 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-31 17:06:14 0 d-------- C:\Program Files\Sony Ericsson
2008-05-31 17:06:14 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-31 17:06:07 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 17:05:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-05-31 17:05:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-05-31 16:49:47 0 d-------- C:\WINDOWS\LastGood
2008-05-31 16:49:26 0 d-------- C:\Program Files\Common Files\TV
2008-05-31 16:49:25 0 d-------- C:\Program Files\AVerTV
2008-05-31 16:41:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-31 16:41:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-31 16:41:17 0 d-------- C:\Program Files\Logitech
2008-05-31 16:41:17 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-05-31 16:38:39 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-31 16:38:39 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-31 16:36:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-31 16:30:02 0 d-------- C:\Documents and Settings\Shinobu\Application Data\ATI
2008-05-31 16:30:02 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-31 16:29:45 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-31 16:28:02 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-31 16:27:51 0 d-------- C:\Program Files\ATI Technologies
2008-05-31 16:27:07 0 d-------- C:\ATI
2008-05-31 16:25:57 0 d-------- C:\Program Files\MSBuild
2008-05-31 16:25:54 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-31 16:25:51 0 d-------- C:\Program Files\Reference Assemblies
2008-05-31 16:11:24 0 d-------- C:\WINDOWS\system32\Lang
2008-05-31 16:10:35 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-05-31 16:10:30 0 d-------- C:\WINDOWS\system32\RTCOM
2008-05-31 16:10:06 0 d-------- C:\Program Files\Realtek
2008-05-31 16:10:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 16:10:00 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-31 16:09:47 0 d-------- C:\Program Files\DIFX
2008-05-31 16:09:35 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-31 16:08:34 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-31 16:08:23 1428 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-05-31 16:08:01 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-31 16:04:28 5376 --a------ C:\WINDOWS\system32\antiwpa.dll
2008-05-31 15:57:32 0 d-------- C:\Program Files\DAEMON Tools
2008-05-31 15:56:41 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-31 15:53:23 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Identities
2008-05-31 15:53:18 0 d--h----- C:\Documents and Settings\Shinobu\Templates
2008-05-31 15:53:18 0 dr------- C:\Documents and Settings\Shinobu\Start Menu
2008-05-31 15:53:18 0 dr-h----- C:\Documents and Settings\Shinobu\SendTo
2008-05-31 15:53:18 0 dr-h----- C:\Documents and Settings\Shinobu\Recent
2008-05-31 15:53:18 0 d--h----- C:\Documents and Settings\Shinobu\PrintHood
2008-05-31 15:53:18 1835008 --ah----- C:\Documents and Settings\Shinobu\NTUSER.DAT
2008-05-31 15:53:18 0 d--h----- C:\Documents and Settings\Shinobu\NetHood
2008-05-31 15:53:18 0 dr------- C:\Documents and Settings\Shinobu\My Documents
2008-05-31 15:53:18 0 d--h----- C:\Documents and Settings\Shinobu\Local Settings
2008-05-31 15:53:18 0 dr------- C:\Documents and Settings\Shinobu\Favorites
2008-05-31 15:53:18 0 d-------- C:\Documents and Settings\Shinobu\Desktop
2008-05-31 15:53:18 0 d---s---- C:\Documents and Settings\Shinobu\Cookies
2008-05-31 15:53:18 0 dr-h----- C:\Documents and Settings\Shinobu\Application Data
2008-05-31 15:52:46 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-31 15:52:45 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-31 15:52:45 0 d-------- C:\WINDOWS\Prefetch
2008-05-31 15:52:43 159744 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-31 15:52:43 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-31 15:52:43 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-05-31 15:52:43 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-31 15:52:43 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-31 15:52:31 159744 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-31 15:52:31 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-31 15:52:31 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-05-31 15:52:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-31 15:52:31 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-31 15:50:17 0 d-------- C:\WINDOWS\system32\xircom
2008-05-31 15:50:17 0 d-------- C:\Program Files\microsoft frontpage
2008-05-31 15:50:08 159744 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-31 15:49:55 0 -rahs---- C:\MSDOS.SYS
2008-05-31 15:49:55 0 -rahs---- C:\IO.SYS
2008-05-31 15:49:55 0 --a------ C:\CONFIG.SYS
2008-05-31 15:49:55 0 --a------ C:\AUTOEXEC.BAT
2008-05-31 15:49:05 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-31 15:49:05 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-31 15:48:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-31 15:48:41 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-31 15:48:32 0 d---s---- C:\WINDOWS\Tasks
2008-05-31 15:48:32 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-31 15:48:29 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-31 15:48:29 0 d-------- C:\WINDOWS\srchasst
2008-05-31 15:48:25 0 d--hs---- C:\Program Files\Movie Maker
2008-05-31 15:48:12 0 d-------- C:\WINDOWS\system32\Restore
2008-05-31 15:47:42 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-31 15:47:28 0 d-------- C:\WINDOWS\Registration
2008-05-31 15:47:21 0 d-------- C:\Program Files\Online Services
2008-05-31 15:47:15 0 d-------- C:\Program Files\Messenger
2008-05-31 15:47:12 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-31 15:46:40 0 d-------- C:\Program Files\Windows NT
2008-05-31 15:46:36 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-31 15:46:33 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-31 18:39:32 62 --ahs---- C


extra
-----------------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1023.36 MiB / 529.68 MiB
Pagefile Memory (total/avail): 2461.38 MiB / 2146.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1878.13 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 12.74 GiB free.
D: is Fixed (NTFS) - 213.34 GiB total, 0.72 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250410AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 213.34 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shinobu\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAIZEN
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shinobu
LOGONSERVER=\\RAIZEN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Shinobu\LOCALS~1\Temp
TMP=C:\DOCUME~1\Shinobu\LOCALS~1\Temp
USERDOMAIN=RAIZEN
USERNAME=Shinobu
USERPROFILE=C:\Documents and Settings\Shinobu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Shinobu (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
ACDSee 8 --> MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVerTV --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF56C91-281F-4C15-B954-F45FDC919568} /l1033
ESET NOD32 Antivirus --> MsiExec.exe /I{BB703122-AF65-4AD9-BCA0-273E165DABEE}
FAM 1.0.0.0 RC2 --> C:\Program Files\Freelancer Account Manager\uninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Shinobu\Desktop\HijackThis.exe" /uninstall
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Light Alloy 2.4 --> C:\WINDOWS\muninst.exe "Light Alloy 2.4"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiS
Panda antivirus log:
View attachment ActiveScan.txt

· TSF-Emeritus · 15,457 Posts
Hello and welcome to TSF.

Do you know how this entry found its way into your system? It's an illegal software crack used to bypass copy protection for Windows.

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

· Registered · 6 Posts · Discussion Starter · #3 · (Edited)
I installed this OS a few days ago; I wanted to check whether the protection is enhanced. But this seems to be a modified SP2. I should change to my uncracked SP2 version as soon as I fix the problems in this thread.

Can you please tell me which antivirus is the best?

· TSF-Emeritus · 15,457 Posts
Hi,

> I installed this OS a few days ago.
> I should change to my uncracked SP2 version as soon as I fix the problems in this thread.
I think it's a good idea to change to your legitimate version.

Please refer to the Forum Rules which you should have read at the time of Registering at this forum. TSF does not support illegal activity.

> Can you please tell me which antivirus is the best?
It's a matter of personal choice, but have a look in here:

http://www.techsupportforum.com/f174/pc-safety-and-security-what-do-i-need-115548.html

· Registered · 6 Posts · Discussion Starter · #5 · (Edited)
I installed my old OS (SP2); this log was made right after the install, with all drivers and programs installed, but no internet connection.
I connected to the network after all configuration and the antivirus setup were done. (This is why the antivirus is outdated.)

Here is the log:

main:
Deckard's System Scanner v20071014.68
Run by Shinobu on 2008-06-05 20:17:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-06-05 17:17:58 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2008-06-05 17:00:40 UTC - RP17 - Premium Security Suite - 05.06.2008 20:00
16: 2008-06-05 16:54:06 UTC - RP16 - Installed Adobe Reader 8
15: 2008-06-05 16:52:40 UTC - RP15 - Установлен Microsoft Office - профессиональный выпуск версии 2003
14: 2008-06-05 16:45:54 UTC - RP14 - Installed ACDSee 8


-- First Restore Point --
1: 2008-06-05 15:46:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Shinobu.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:20, on 05.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\New Folder\dss.exe
D:\NEWFOL~1\Shinobu.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 6237 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 avfwot - c:\windows\system32\drivers\avfwot.sys <Not Verified; Avira GmbH; Firewall TDI filter>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirFirewallService (Avira Premium Security Suite Firewall) - "c:\program files\avira\avira premium security suite\avfwsvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirMailService (Avira Premium Security Suite MailGuard) - "c:\program files\avira\avira premium security suite\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirScheduler (Avira Premium Security Suite Scheduler) - "c:\program files\avira\avira premium security suite\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 antivirwebservice (Avira Premium Security Suite WebGuard) - "c:\program files\avira\avira premium security suite\avwebgrd.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AVEService (Avira Premium Security Suite MailGuard helper service) - "c:\program files\avira\avira premium security suite\avesvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: MPU-401 Compatible MIDI Device
Device ID: ACPI\PNPB006\4&1ABADB41&0
Manufacturer: Microsoft
Name: MPU-401 Compatible MIDI Device
PNP Device ID: ACPI\PNPB006\4&1ABADB41&0
Service: ms_mpu401


-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-05 21:31:56 0 d--hs---- C:\WINDOWS\Installer
2008-06-05 21:31:55 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-05 21:31:53 0 dr------- C:\Program Files
2008-06-05 21:31:53 0 d-------- C:\Program Files\Common Files
2008-06-05 21:31:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-05 21:31:35 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-05 21:31:35 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-05 21:31:35 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-05 21:31:35 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-05 21:31:35 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-05 21:31:35 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-05 21:31:35 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-05 21:31:35 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-05 21:31:35 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-05 21:31:35 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-05 21:31:35 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-05 21:31:35 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-05 21:31:35 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-05 21:31:35 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-05 21:31:35 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-05 21:31:35 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-05 21:31:25 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-05 21:31:25 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-05 21:31:19 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-05 21:31:19 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-05 21:31:19 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-05 21:31:19 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-05 21:31:03 0 d-------- C:\Documents and Settings
2008-06-05 21:31:02 0 d--hs---- C:\System Volume Information
2008-06-05 21:25:33 0 d-------- C:\WINDOWS
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\WinSxS
2008-06-05 21:25:33 0 dr------- C:\WINDOWS\Web
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\twain_32
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\wins
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\wbem
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\usmt
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\spool
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\Setup
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\ras
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\oobe
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\npp
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\mui
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\IME
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\ias
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\export
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\drivers
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-05 21:25:33 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\config
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\3076
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\2052
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1054
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1042
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1041
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1037
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1033
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1031
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1028
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system32\1025
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\system
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\security
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Resources
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\repair
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Provisioning
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\PeerNet
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\pchealth
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\mui
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\msapps
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\msagent
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Media
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\java
2008-06-05 21:25:33 0 d--h----- C:\WINDOWS\inf
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\ime
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Help
2008-06-05 21:25:33 0 dr--s---- C:\WINDOWS\Fonts
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\ehome
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Driver Cache
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Debug
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Cursors
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\Config
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\AppPatch
2008-06-05 21:25:33 0 d-------- C:\WINDOWS\addins
2008-06-05 20:11:57 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Skype
2008-06-05 20:11:50 0 d-------- C:\Program Files\Skype
2008-06-05 20:11:50 0 d-------- C:\Program Files\Common Files\Skype
2008-06-05 20:11:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-05 20:11:30 0 d-------- C:\Program Files\QIP
2008-06-05 20:08:26 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Avira
2008-06-05 20:01:33 66176 --a------ C:\WINDOWS\system32\drivers\avfwot.sys <Not Verified; Avira GmbH; Firewall TDI filter>
2008-06-05 20:01:31 0 d-------- C:\Program Files\Avira
2008-06-05 20:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-05 19:56:06 0 d-------- C:\Program Files\Winamp
2008-06-05 19:54:31 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Adobe
2008-06-05 19:54:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-05 19:54:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-05 19:52:43 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-05 19:52:42 0 d-------- C:\Program Files\Microsoft.NET
2008-06-05 19:46:46 65024 --a------ C:\WINDOWS\muninst.exe <Not Verified; www.video-soft.com; Micro Uninstaller>
2008-06-05 19:46:46 0 d-------- C:\Program Files\Light Alloy
2008-06-05 19:46:19 0 d-------- C:\Documents and Settings\Shinobu\Application Data\ACD Systems
2008-06-05 19:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-05 19:45:55 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-06-05 19:45:55 0 d-------- C:\Program Files\ACD Systems
2008-06-05 19:44:53 157696 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-05 19:44:51 217088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-05 19:44:51 856064 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-05 19:44:51 568850 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-06-05 19:44:51 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-06-05 19:44:51 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-05 19:44:51 286720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-06-05 19:44:51 1024000 --a------ C:\WINDOWS\system32\3ivx.dll <Not Verified; 3ivx.com; 3ivx D4 4.5.1 Pro>
2008-06-05 19:44:50 5120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-05 19:44:50 619156 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-05 19:44:49 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-06-05 19:43:55 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-06-05 19:43:55 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-06-05 19:43:55 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Nero AG; Nero AG NeroCheck>
2008-06-05 19:43:55 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-05 19:43:55 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-05 19:43:55 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-06-05 19:43:55 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-05 19:43:55 0 d-------- C:\Program Files\Ahead
2008-06-05 19:40:19 0 d-------- C:\Program Files\DAEMON Tools
2008-06-05 19:39:06 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 19:34:02 0 d-------- C:\Program Files\Common Files\TV
2008-06-05 19:20:48 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Teleca
2008-06-05 19:20:46 0 d-------- C:\WINDOWS\pss
2008-06-05 19:19:02 0 d-------- C:\Program Files\AVerTV
2008-06-05 19:16:08 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Sony Ericsson
2008-06-05 19:16:05 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-05 19:16:04 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-06-05 19:16:03 0 d-------- C:\Program Files\Sony Ericsson
2008-06-05 19:15:58 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-05 19:15:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-06-05 19:15:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-05 19:06:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-05 19:05:58 0 d-------- C:\Program Files\Logitech
2008-06-05 19:05:58 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-05 19:04:49 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-05 18:58:03 0 d-------- C:\Documents and Settings\Shinobu\Application Data\ATI
2008-06-05 18:58:03 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-05 18:57:53 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-05 18:55:26 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-06-05 18:55:10 0 d-------- C:\Program Files\ATI Technologies
2008-06-05 18:54:31 0 d-------- C:\ATI
2008-06-05 18:51:24 0 d-------- C:\WINDOWS\system32\Lang
2008-06-05 18:50:33 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-06-05 18:50:28 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-05 18:49:42 0 d-------- C:\Program Files\Realtek
2008-06-05 18:49:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 18:49:36 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-05 18:49:26 0 d-------- C:\Program Files\DIFX
2008-06-05 18:49:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-05 18:48:12 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-05 18:48:01 1428 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
2008-06-05 18:47:43 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-05 18:45:57 0 d-------- C:\Documents and Settings\Shinobu\Application Data\Identities
2008-06-05 18:45:52 0 d--h----- C:\Documents and Settings\Shinobu\Templates
2008-06-05 18:45:52 0 dr------- C:\Documents and Settings\Shinobu\Start Menu
2008-06-05 18:45:52 0 dr-h----- C:\Documents and Settings\Shinobu\SendTo
2008-06-05 18:45:52 0 dr-h----- C:\Documents and Settings\Shinobu\Recent
2008-06-05 18:45:52 0 d--h----- C:\Documents and Settings\Shinobu\PrintHood
2008-06-05 18:45:52 1310720 --a------ C:\Documents and Settings\Shinobu\NTUSER.DAT
2008-06-05 18:45:52 0 d--h----- C:\Documents and Settings\Shinobu\NetHood
2008-06-05 18:45:52 0 dr------- C:\Documents and Settings\Shinobu\My Documents
2008-06-05 18:45:52 0 d--h----- C:\Documents and Settings\Shinobu\Local Settings
2008-06-05 18:45:52 0 dr------- C:\Documents and Settings\Shinobu\Favorites
2008-06-05 18:45:52 0 d-------- C:\Documents and Settings\Shinobu\Desktop
2008-06-05 18:45:52 0 d---s---- C:\Documents and Settings\Shinobu\Cookies
2008-06-05 18:45:52 0 dr-h----- C:\Documents and Settings\Shinobu\Application Data
2008-06-05 18:45:15 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-05 18:45:14 0 d-------- C:\WINDOWS\Prefetch
2008-06-05 18:45:13 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-05 18:45:12 229376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-05 18:45:12 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-05 18:45:12 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-06-05 18:45:12 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-05 18:45:12 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-05 18:45:00 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-05 18:45:00 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-05 18:45:00 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-05 18:45:00 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-05 18:45:00 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-05 18:42:11 0 d-------- C:\WINDOWS\system32\xircom
2008-06-05 18:42:11 0 d-------- C:\Program Files\microsoft frontpage
2008-06-05 18:42:01 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-05 18:41:56 0 -rahs---- C:\MSDOS.SYS
2008-06-05 18:41:56 0 -rahs---- C:\IO.SYS
2008-06-05 18:41:56 0 --a------ C:\CONFIG.SYS
2008-06-05 18:41:56 0 --a------ C:\AUTOEXEC.BAT
2008-06-05 18:41:11 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-05 18:41:04 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-05 18:41:04 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-05 18:40:56 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-05 18:40:42 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-05 18:40:20 0 d---s---- C:\WINDOWS\Tasks
2008-06-05 18:40:19 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-05 18:40:16 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-05 18:40:16 0 d-------- C:\WINDOWS\srchasst
2008-06-05 18:40:11 0 d-------- C:\Program Files\Movie Maker
2008-06-05 18:40:05 0 d-------- C:\WINDOWS\system32\Restore
2008-06-05 18:39:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-05 18:39:25 0 d-------- C:\WINDOWS\Registration
2008-06-05 18:39:19 0 d-------- C:\Program Files\Online Services
2008-06-05 18:39:13 0 d-------- C:\Program Files\Messenger
2008-06-05 18:39:10 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-05 18:38:46 0 d-------- C:\Program Files\Windows NT
2008-06-05 18:38:44 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-05 18:38:42 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-06-05 21:31:35 62 --ahs---- C:\Documents and Settings\Shinobu\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [19.12.2006 06:12 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 13:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 13:43 C:\WINDOWS\Alcmtr.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [21.01.2008 12:17]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [17.05.2007 10:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [17.05.2007 10:53]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [13.06.2007 08:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12.01.2006 15:40]
"Device Detector"="DevDetect.exe" []
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [12.02.2008 10:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 15:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04.04.2007 01:29]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [23.04.2008 17:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23.10.2006 1:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23.10.2006 0:01:50]
QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [30.10.2005 20:09:40]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{015403e7-332c-11dd-a794-806d6172696f}]
AutoRun\command- E:\Setup.exe

*Newly Created Service* - ANTIVIRFIREWALLSERVICE
*Newly Created Service* - ANTIVIRMAILSERVICE
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - ANTIVIRWEBSERVICE
*Newly Created Service* - AVESERVICE
*Newly Created Service* - AVFWOT
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - SSMDRV



-- End of Deckard's System Scanner: finished at 2008-06-05 20:20:05 ------------


extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.36 MiB / 563.29 MiB
Pagefile Memory (total/avail): 2461.38 MiB / 1985.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 13.31 GiB free.
D: is Fixed (NTFS) - 213.34 GiB total, 1.06 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250410AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 213.34 GiB - D:



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Avira Firewall v8.0.1.15 (Avira GmbH)
AV: Avira Premium Security Suite v8.0.1.15 (Avira GmbH) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Shinobu\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAIZEN
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Shinobu
LOGONSERVER=\\RAIZEN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Shinobu\LOCALS~1\Temp
TMP=C:\DOCUME~1\Shinobu\LOCALS~1\Temp
USERDOMAIN=RAIZEN
USERNAME=Shinobu
USERPROFILE=C:\Documents and Settings\Shinobu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Shinobu (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 8 --> MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVerTV --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8DF56C91-281F-4C15-B954-F45FDC919568} /l1033
Avira Premium Security Suite --> C:\Program Files\Avira\Avira Premium Security Suite\setup.exe /REMOVE
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
K-Lite Codec Pack 2.72 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Light Alloy 2.4 --> C:\WINDOWS\muninst.exe "Light Alloy 2.4"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Office - профессиональный выпуск версии 2003 --> MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
QIP 2005 Uninstall --> "C:\Program Files\QIP\unqip.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x19 -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type191 / Error
Event Submitted/Written: 06/05/2008 08:19:29 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Event Record #/Type177 / Warning
Event Submitted/Written: 06/05/2008 07:53:00 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type176 / Warning
Event Submitted/Written: 06/05/2008 07:53:00 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type158 / Warning
Event Submitted/Written: 06/05/2008 07:32:19 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type157 / Warning
Event Submitted/Written: 06/05/2008 07:32:19 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\QuickCam10\DesktopShortcutKey' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type362 / Error
Event Submitted/Written: 06/05/2008 08:19:24 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Event Record #/Type361 / Error
Event Submitted/Written: 06/05/2008 08:19:24 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type343 / Error
Event Submitted/Written: 06/05/2008 08:04:24 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type342 / Error
Event Submitted/Written: 06/05/2008 08:04:24 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type341 / Error
Event Submitted/Written: 06/05/2008 08:04:23 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-06-05 20:20:05 ------------

edit: I installed Avira antivirus and cleaned some threats with it. In System Volume Information on drive D:\ there were some wsock32 applications/threats; I cleaned them manually.
 

· TSF-Emeritus · 15,457 Posts
Hi,

Since you've reformatted and reinstalled a new operating system; installed the protection software; updated all your drivers and software, you should be OK. Is there any reason why you posted the DSS log? Are you having any malware issues?
 

· Registered · 6 Posts
Discussion Starter · #7 ·
Now it seems to be OK. But last time I reinstalled the OS this didn't help. I think the virus patched wsock32.dll in system32 and the registry. I had no idea how to restore system files to their original state (sfc didn't help). This time, after the reinstall, I set wsock32.dll to read-only; this should be the reason why that file is still not patched by malicious code.
Can you give me some hints on how to protect vulnerable system files from infection?
"I am connected to an infected network and every time I launch my PC I support multiple attacks on my system core files"
 

· Registered · 6 Posts
Discussion Starter · #8 · (Edited)
Edit:
Now I have problems with svchost.exe.
Every time I launch my PC, a popup appears with:
Generic Host Process for Win32 Services encountered a problem and needed to close
This is the error report response:
http://wer.microsoft.com/Responses/....2.0?SGD=cb1c0b41-a765-46b2-b3c3-f6cc8fe4162c

After the crash, my Windows switches to classic style and the sound drivers disappear.
When I set my firewall to the highest level ("all incoming connections are blocked"),
this thing doesn't appear anymore, but half of my programs which use the internet connection are blocked.

I and all the people I know (connected to this network) had this problem in the past.

Oh, I am so tired of these things; I reinstalled my OS 4 times (this week).
If one threat is solved, another one appears.


Thank you for your investigations and time.
And sorry for bumping you with all these things.
 

· TSF-Emeritus · 15,457 Posts
Hi,
some info:
I am connected to a LAN that contains thousands of PCs and has a high internet speed (10mb\s); I also support many attacks from many IP addresses every 10 min.
I am connected to an infected network and every time I launch my PC I support multiple attacks on my system core files.
There isn't much I can do about that. You'll need to talk to your LAN administration/IT support and get it sorted out. Sorry about your predicament, but if you're in an infected environment coupled with the use of cracked software, any cleaning effort will be futile, and it's also against the rules as I mentioned earlier in post #4. So, I am closing this thread.
 