Windows Stop Unexpectedly

Post by Jacklim » July 3rd, 2008, 1:49 pm

Error message showed:

Technical Information
How to Troubleshoot Hardware and Software Driver Problems in Windows XP (Q322205)
Information about hardware device drivers for Windows XP

Problem caused by Device Driver
You received this message because a device driver installed on your computer caused Windows to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer.
More information
________________________________________

Problem report summary
Problem type
Windows stop error (a message appears on a blue screen with error code information)
Solution available?
No
What does this problem mean?
Windows has encountered a problem it cannot recover from and it needs to be restarted
Cause
Unknown
Computer symptoms
A message appears on a blue screen with error code information (for example: 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED)
Additional steps for you to take
Please continue to send problem reports so analysts at Microsoft can study and try to correct the problem as quickly as possible

HJT log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:02 PM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\CPUTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\mtd2002\MTDSERVER.EXE
C:\Program Files\mtd2002\MTDSHELF.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.twinhead.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-21-535992092-3013543682-1379129536-1004\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup (User '?')
O4 - HKUS\S-1-5-21-535992092-3013543682-1379129536-1004\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-535992092-3013543682-1379129536-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-535992092-3013543682-1379129536-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.twinhead.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL ... 586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8962 bytes
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am
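A small triage script, added here as an example and not part of the thread or of HijackThis itself, that parses log lines in the format shown above and lists the entries a helper would look at first: references to files that no longer exist, autorun entries whose executable is absent from the running-process list, and services with no registered owner. The sample log is constructed from a handful of lines in the post; the heuristics are mine, not HijackThis's, and a hit means "review this", not "this is malware".

```python
"""Triage helper for HijackThis 2.0.x logs (added example; the log format is
the one shown in the thread, the review heuristics are the author's own)."""
import re
from dataclasses import dataclass, field

# Entry lines look like "O4 - HKLM\..\Run: [name] path": section code, then body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# First absolute Windows path to an exe/dll/cpl inside an entry body.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]()]+?\.(?:exe|dll|cpl)", re.IGNORECASE)


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)   # full paths from "Running processes:"
    entries: list = field(default_factory=list)     # (section, body) tuples


@dataclass
class Finding:
    section: str
    reason: str
    body: str


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the R/O entries."""
    log = HjtLog()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                log.processes.append(line)
            else:
                in_procs = False        # a blank line closes the process block
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append((m.group("sec"), m.group("body")))
    return log


def triage(log):
    """Return review items: orphaned references, O4 autoruns whose executable is
    not among the running processes, and O23 services with an unknown owner."""
    running = {p.rsplit("\\", 1)[-1].lower() for p in log.processes}
    findings = []
    for sec, body in log.entries:
        if "(no file)" in body:
            findings.append(Finding(sec, "references a file that no longer exists", body))
            continue
        if sec == "O4":
            m = PATH_RE.search(body)
            # Only judge entries that launch an .exe by absolute path; rundll32
            # hosts (.dll/.cpl) and bare names like "nwiz.exe" cannot be resolved here.
            if m and m.group(0).lower().endswith(".exe"):
                exe = m.group(0).rsplit("\\", 1)[-1].lower()
                if exe not in running:
                    findings.append(Finding(sec, "autorun executable not among running processes", body))
        elif sec == "O23" and "- Unknown owner -" in body:
            findings.append(Finding(sec, "service has no registered owner", body))
    return findings


# Constructed sample: a few lines lifted from the log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\CPUTray.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section:<4} {f.reason}: {f.body}")
```

Run it on a full log to get a short review list; everything else in the log still needs a human eye, as the helpers in this thread do.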

Re: Windows Stop Unexpectedly

Post by Scotty » July 3rd, 2008, 3:03 pm

Hi! Welcome to the forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Post by Jacklim » July 9th, 2008, 1:43 pm

Acrobat.com
Acrobat.com
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
BlueSoleil
CPU Speed High / Low Status Application
DVD Suite
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Internet Download Manager
Java DB 10.3.1.4
Java(TM) 6 Update 6
Java(TM) SE Development Kit 6 Update 6
Lexmark X1100 Series
LiveUpdate 2.6 (Symantec Corporation)
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0)
Norton PartitionMagic 8.0
NVIDIA Drivers
O2Micro Flash Memory Card Windows Driver V2.05
PhotoNow! 1.0
Power2Go 5.0
PowerDirector
PowerDVD
PPTminimizer
Ralink Wireless LAN Card
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Skype™ 3.8
Symantec AntiVirus
Synaptics Pointing Device Driver
Ulead VideoStudio 7 SE DVD
Uninstall LAC VIET mtd2002-EVA
Unlocker 1.8.7
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Bluetooth Dongle Maker Bluetooth (10/17/2002 5.1.2535.0)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows XP Service Pack 3
XoftSpySE
Yahoo! 工具列
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Post by Scotty » July 9th, 2008, 3:31 pm

Hi

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply with a new HijackThis log.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Post by Jacklim » July 11th, 2008, 8:25 am

Hi Scotty

Fllwg yr rqst in attchd files.

Is there anything else I need to do?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Post by Scotty » July 11th, 2008, 8:34 am

Hi

Is there anything else I need to do?


Two things. I'm 38, I can't read text speak. And just copy/paste the logs and reports into replies instead of attaching them. :)

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:

[Image: screenshot of the Recovery Console prompt]

Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.


1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



In your next reply post:
ComboFix.txt
New HijackThis log taken after the above scan has run
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Post by Jacklim » July 13th, 2008, 12:48 pm

Hi

Sorry, I did not know you can't read, so next time I will copy and paste the entire log report.

How do I run Recovery Console? Is it in the Combofix download?

You said: "Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper."
Well, can I still have AutoRun of all CD, floppy & USB devices after running CF, as I need it?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Post by Scotty » July 13th, 2008, 2:37 pm

Hi

I can read, just not the "text speak" of you young 'uns :D

Once you have downloaded and saved Combofix, then downloaded and saved the Recovery Console setup file, click on the setup file, holding the mouse button down, then drag it onto the Combofix icon and let go. Combofix will then run.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Post by Jacklim » July 15th, 2008, 2:37 am

Hi

Following the ComboFix instructions, I am unable to do these:

1. Create Setup boot disks after specifying the drive to copy the image to. Can I create them on an external HDD?

2. drag the "WindowsXP-KB310994-SP2-Home-BootDisk-ENU" on top of the ComboFix icon. Can I run ComboFix without dragging the BootDisk exe?

Help!
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Post by Jacklim » July 15th, 2008, 3:00 am

Hi

OK, managed to run ComboFix with your instructions :cheers:
However, I downloaded the wrong bootdisk, winxp-kb310994-sp2-home-bootdisk-enu.exe.... it should be "sp2-pro"..
Anyway, attached both logs as you asked:

ComboFix 08-07-14.2 - Lim Mervin 2008-07-15 14:46:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.525 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DRIVERS\Audio\_desktop.ini
C:\DRIVERS\Audio\Config\_desktop.ini
C:\DRIVERS\Audio\MSHDQFE\_desktop.ini
C:\DRIVERS\Audio\MSHDQFE\Win2K_XP\_desktop.ini
C:\DRIVERS\Audio\MSHDQFE\Win2K_XP\us\_desktop.ini
C:\DRIVERS\Audio\MSHDQFE\Win2K3\_desktop.ini
C:\DRIVERS\Audio\MSHDQFE\Win2K3\us\_desktop.ini
C:\DRIVERS\Audio\WDM\_desktop.ini
C:\DRIVERS\BlueTooth\_desktop.ini
C:\DRIVERS\CPU_Performance\_desktop.ini
C:\DRIVERS\Modem\_desktop.ini
C:\DRIVERS\Modem\x32\_desktop.ini
C:\DRIVERS\Modem\x32\W2KXP\_desktop.ini
C:\DRIVERS\Modem\x32\W98\_desktop.ini
C:\DRIVERS\Modem\x32\WME\_desktop.ini
C:\DRIVERS\Modem\x64\_desktop.ini
C:\DRIVERS\Modem\x64\WXP\_desktop.ini
C:\DRIVERS\nVidia\_desktop.ini
C:\DRIVERS\nVidia\Ethernet\_desktop.ini
C:\DRIVERS\nVidia\SMBus\_desktop.ini
C:\DRIVERS\nVidia\SMU\_desktop.ini
C:\DRIVERS\PowerNow\_desktop.ini
C:\DRIVERS\Touchpad\_desktop.ini
C:\DRIVERS\Touchpad\WinNT5\_desktop.ini
C:\DRIVERS\Touchpad\WinNT5\Full\_desktop.ini
C:\DRIVERS\Touchpad\WinNT5\Full\ALL\_desktop.ini
C:\DRIVERS\Touchpad\WinWDF\_desktop.ini
C:\DRIVERS\Touchpad\WinWDF\Full\_desktop.ini
C:\DRIVERS\Touchpad\WinWDF\Full\ALL\_desktop.ini
C:\DRIVERS\Touchpad\WinWDF64\_desktop.ini
C:\DRIVERS\Touchpad\WinWDF64\Full\_desktop.ini
C:\DRIVERS\Touchpad\WinWDF64\Full\ALL\_desktop.ini
C:\DRIVERS\Touchpad\x64\_desktop.ini
C:\DRIVERS\Touchpad\x64\ALL\_desktop.ini
C:\DRIVERS\VGA\_desktop.ini
C:\DRIVERS\WLAN\_desktop.ini
C:\Program Files\Realtek\InstallShield\_desktop.ini
C:\Program Files\Synaptics\SynTP\Media\_desktop.ini
C:\WINDOWS\system32\btfunc.dll
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver\btcusb.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-14 01:06 . 2008-07-14 01:09 <DIR> d-------- C:\Program Files\MFP Server Utilities
2008-07-12 01:22 . 2008-07-12 01:22 <DIR> d-------- C:\Lxk1100
2008-07-11 23:22 . 2000-07-15 00:00 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2008-07-11 23:22 . 2000-07-15 00:00 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2008-07-11 23:22 . 2000-07-15 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-07-11 20:02 . 2008-07-11 20:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-10 13:51 . 2008-07-10 13:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-10 10:41 . 2008-07-10 10:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Elluminate
2008-07-03 20:35 . 2008-07-03 20:35 <DIR> d-------- C:\Program Files\PPTminimizer
2008-07-03 20:35 . 2008-07-03 20:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PPTminimizer
2008-07-03 13:04 . 2008-07-03 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-03 13:01 . 2008-07-03 13:01 <DIR> d-------- C:\Program Files\Skype
2008-07-03 13:01 . 2008-07-03 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-03 13:01 . 2008-07-03 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-03 12:59 . 2008-07-03 12:59 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-06-30 14:40 . 2008-06-30 14:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 09:14 . 2008-07-03 12:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-06-27 09:07 . 2004-05-19 06:44 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
2008-06-23 13:35 . 2008-07-10 02:12 <DIR> d-------- C:\Program Files\XoftSpySE
2008-06-23 09:52 . 2008-06-23 09:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 01:46 . 2008-06-21 01:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-21 01:46 . 2008-06-21 01:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 19:51 . 2008-06-20 19:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 19:40 . 2008-06-20 19:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 19:08 . 2008-06-20 19:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 02:41 . 2008-06-20 02:41 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-20 02:01 . 2008-07-03 13:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-06-20 02:01 . 2008-06-20 02:01 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-20 01:59 . 2008-07-03 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-20 01:34 . 2008-07-10 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-06-20 01:30 . 2008-06-20 01:30 268 --ah----- C:\sqmdata00.sqm
2008-06-20 01:30 . 2008-06-20 01:30 244 --ah----- C:\sqmnoopt00.sqm
2008-06-19 23:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-19 23:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-19 23:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-19 19:50 . 2008-06-19 19:59 <DIR> d-------- C:\Program Files\Windows Live
2008-06-19 19:50 . 2008-06-19 19:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-19 19:50 . 2008-06-19 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-16 01:42 . 2008-06-16 01:42 <DIR> d-------- C:\Program Files\Sun
2008-06-16 01:35 . 2008-06-16 01:35 <DIR> d-------- C:\WINDOWS\Sun
2008-06-16 01:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 01:34 . 2008-07-15 02:00 <DIR> d-------- C:\Program Files\Java
2008-06-16 01:34 . 2008-06-16 01:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-15 01:47 . 2000-12-19 09:36 414,272 --a------ C:\WINDOWS\system32\DivXc32f.dll
2008-06-15 01:47 . 2000-12-19 09:36 414,272 --a------ C:\WINDOWS\system32\DivXc32.dll
2008-06-15 01:47 . 1999-05-28 22:13 301,568 --a------ C:\WINDOWS\system32\L3codecp.acm
2008-06-15 01:47 . 2000-04-26 19:48 240,400 --a------ C:\WINDOWS\system32\DIVX_c32.ax
2008-06-15 01:47 . 2002-04-12 16:58 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
2008-06-15 01:17 . 2008-06-15 01:17 <DIR> d-------- C:\WINDOWS\speech
2008-06-15 01:17 . 2008-07-14 09:50 <DIR> d-------- C:\Program Files\mtd2002
2008-06-15 01:05 . 2008-06-15 01:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-15 01:05 . 2008-06-15 01:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-15 01:05 . 2008-06-15 01:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-15 00:41 . 2008-06-15 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-15 00:40 . 2008-06-15 00:41 <DIR> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 05:32 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-15 05:29 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-07-13 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 04:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-03 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-22 18:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:44 --------- d-----w C:\Program Files\Unlocker
2008-06-11 20:10 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Desktopicon
2008-06-11 16:21 --------- d-----w C:\Program Files\Internet Download Manager
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\IDM
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Downloads
2008-06-11 16:20 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\DMCache
2008-06-11 15:05 --------- d-----w C:\Program Files\Symantec
2008-06-11 13:14 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Lavasoft
2008-06-11 06:23 --------- d-----w C:\Program Files\DIFX
2008-06-11 05:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-11 05:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-11 03:46 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Ulead VideoStudio
2008-06-11 03:46 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Ulead Systems
2008-06-11 03:37 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\CyberLink
2008-06-11 03:33 --------- d-----w C:\Program Files\CyberLink
2008-06-11 03:25 --------- d-----w C:\Program Files\Common Files\Real
2008-06-11 03:14 --------- d-----w C:\Program Files\Windows Media Components
2008-06-11 03:02 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-11 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-11 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-11 03:01 --------- d-----w C:\Program Files\Ulead Systems
2008-06-11 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-11 02:17 --------- d-----w C:\Documents and Settings\Lim Mervin\Application Data\Symantec
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"mtd2002Svr"="C:\Program Files\mtd2002\mtdserver.exe" [2002-10-05 13:05 544768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-14 03:02 7573504]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-10 21:34 798810]
"CPUTray"="C:\WINDOWS\system32\CPUTray.exe" [2005-05-14 06:46 212992]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 12:15 15872]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43 57344]
"nwiz"="nwiz.exe" [2006-06-14 03:02 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 22:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-09-10 21:34 2879488 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 08:12 110592 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-05-29 03:12:48 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-04-26 23:30 895672 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 10:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 08:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra------ 2006-09-10 21:34 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\mtd2002\\mtdserver.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-26 23:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-06-01 00:51]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 15:27]
S2 ALIWEHCD;MFP Server Enhanced Controller;C:\WINDOWS\system32\Drivers\mfpec.sys []
S3 PhnxVcd;PhnxVcd;C:\WINDOWS\system32\Drivers\PhnxVcd.sys [2005-02-26 09:34]
S3 WUSBVBus;MFP Server Detector;C:\WINDOWS\system32\DRIVERS\mfpvbus.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{789df6d6-0d0e-11dc-a94b-806d6172696f}]
\Shell\AutoRun\command - D:\AUTORUN.exe /AUTORUN

.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 05:32:20 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-14 19:00:22 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Antispyware - C:\Program Files\AntiSpywareApp\Antispyware.exe
MSConfigStartUp-Eval - C:\Program Files\Phoenix Technologies\cME\RPro\Eval\Eval.exe
MSConfigStartUp-Guard - C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
MSConfigStartUp-RestoreIT! - C:\Program Files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 14:47:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-15 14:48:17
ComboFix-quarantined-files.txt 2008-07-15 06:48:13

Pre-Run: 39,784,910,848 bytes free
Post-Run: 39,836,839,936 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

258 --- E O F --- 2008-07-09 02:56:03



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:59 PM, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.twinhead.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPUTray] C:\WINDOWS\system32\CPUTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -f
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.twinhead.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7942 bytes
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Scotty » July 15th, 2008, 8:01 am

Hi

Go to http://virusscan.jotti.org
Copy the following line into the white textbox:
D:\AUTORUN.exe
Click Submit.
Please post the results of this scan to this thread.

If Jotti is busy or unavailable, please try
Virustotal
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 15th, 2008, 1:06 pm

Hi

Unable to copy D:\AUTORUN.exe as it's a DVD-RAM drive, and I cannot locate the white box in http://virusscan.jotti.org/ or Virustotal.

Do you mean the Browse Box?

Please assist.
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Scotty » July 15th, 2008, 1:32 pm

Yes, use the browse button if copy/pasting doesn't work.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: Windows Stop Unexpectedly

Unread postby Jacklim » July 16th, 2008, 1:06 am

There's no file/program/disk in the DVD drive, so no Autorun or exe.

How?
Jacklim
Regular Member
 
Posts: 17
Joined: June 15th, 2008, 11:51 am

Re: Windows Stop Unexpectedly

Unread postby Scotty » July 16th, 2008, 7:02 am

No worries, let's press on.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
If the above link doesn't work, use this alternative: ATF (Atribune Temp File) Cleaner© by Atribune
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

*Note* If you do not have Firefox or Opera, those options will be greyed out.


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


Once you have installed the Scanner, and the updated definitions, you can disconnect from the Internet and disable your anti-virus, to reduce scanning time. Re-enable the anti-virus before reconnecting to the Internet.
Instructions on disabling a variety of security programs can be found at the link below.

http://www.bleepingcomputer.com/forums/topic114351.html
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland