Computer reboots throught a Ad-Aware virus scan

radiogold · 2008/04/11

Hello folks,

I think my brother downloaded a bad file the other day which infected my computer with some sort of virus.

Anyway computer was running very slow, so I did a clean-out this morning of removing some programs. I then did a AVG full scan, which found 24 viruses, and it was able to move 19. I thought for a moment that it hadn't moved all of them, but the error report said "no errors in removing viruses ". So I'm assuming that they might have been some double finds. I feel more that it has actually missed some.

AVG also noted that my kernel32 file had been changed.

I then did a spybot search and destroy, which removed another 37 objects.

Now when I start doing a scan with Ad-Aware 2007, (full scan), the scan progresses about 15%, then my computer just suddenly reboots. I done the same three times, and it seems to do a reboot, everytime Ad-aware get's to the same spot.

Is it possible that the virus has tweaked my virus programs.

Here is the HIJACK THIS log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:59 PM, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ldprt7.exe
C:\Adobe\Acrobat Professional 7\Acrobat\acrobat_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/web/advanced?ei=UTF-8
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\febooti ieZoom\ieZoom.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Winupdates] ldprt7.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MARKBO~1\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097053507402
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8727 bytes

System info,

Medion 8383 computer
Windows XP SP2
512 RAM
Pentium 3.4 Gigs
250 GB Hard-drive

Any help would be much appreciated.

radiogold · 2008/04/11

UPDATE

I have just done a full scan with Ad-Aware 2007, while having my computer in safe mode, and it seem to go through the entire scan without any problems. It removed another 21 infections, and 1 tracking cookie.

To see if it fixed the problem, I rebooted windows in full-mode, and again did a Ad-Aware scan. Unfortunately, computer rebooted again at the exact same scanning point as the other three scans.

Windows was in full mode, everytime it rebooted throughout a scan, but scan went fine in safe-mode.

radiogold · 2008/04/11

I've done another Ad-Aware scan in safe mode, and they were four new infections. They were not viruses though, rather more cookies.

When I rebooted into normal mode, and opened IE, I got a message asking if I should optomise my computer. I just closed the window as I had never seen it before.

Internet page froze and I had to restart computer.

I've been using internet now for about 20 minutes, and everything seems to be okay so far, but still here activity in my hard-drive.

Here is a scan from Deckards as requested.

Deckard's System Scanner v20071014.68
Run by XXXXX XXXXX on 2008-04-12 01:10:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
98: 2008-04-11 15:11:16 UTC - RP98 - Deckard's System Scanner Restore Point
97: 2008-04-11 05:36:40 UTC - RP97 - Removed SnagIt 8
96: 2008-04-11 02:29:58 UTC - RP96 - Last known good configuration
95: 2008-04-11 02:29:52 UTC - RP95 - Software Distribution Service 3.0
94: 2008-04-11 02:29:51 UTC - RP94 - System Checkpoint

-- First Restore Point --
1: 2008-04-11 02:29:37 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Mark Boerebach.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:09 AM, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Software Back Up 2007\Hijack this 199\dss.exe
C:\TRENDM~1\HIJACK~1\Mark Boerebach.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/web/advanced?ei=UTF-8
O2 - BHO: (no name) - {07e0f1c9-e437-4fdf-bcd5-62b713fd0562} - C:\WINDOWS\system32\mlJdeDSJ.dll (file missing)
O2 - BHO: (no name) - {24e9519b-3f70-429b-99bc-4b2b49b96f66} - blank (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: blank - {c5af49a2-94f3-42bd-f434-2604812c897d} - blank (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\febooti ieZoom\ieZoom.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
O4 - HKLM\..\Run: [WinampAgent] C:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BM67045aa6] Rundll32.exe "C:\WINDOWS\system32\gbbckjlq.dll ",s
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\MARKBO~1\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Adobe\Acrobat Professional 7\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1097053507402
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khfFVPFv - khfFVPFv.dll (file missing)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - blank (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9104 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 iviVD - c:\windows\system32\drivers\ivivd.sys <Not Verified; InterVideo; InterVideo iviVD>
R1 cdrblock - c:\windows\system32\drivers\cdrblock.sys <Not Verified; Canopus Co,. Ltd.; Canopus DREngine Liibrary>
R1 cdrport - c:\windows\system32\drivers\cdrport.sys <Not Verified; Canopus Co,. Ltd.; Canopus DREngine Liibrary>
R1 mapledxp - c:\windows\system32\drivers\mapledxp.sys <Not Verified; Jeff Hurchalla and Marble Sound; MarbleSound Maple Midi XP Driver SYS>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.5) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 AgereSoftModem (Creatix V.92 Data Fax Modem) - c:\windows\system32\drivers\agrsm.sys (file missing)
S3 CardReaderFilter (Card Reader Filter) - c:\windows\system32\drivers\usbcrft.sys <Not Verified; ICSI Technology Ltd.; USB Card Reader and FlashDisk>
S3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 st324kj - c:\windows\system32\drivers\st324kj.sys (file missing)
S3 vidcap - c:\windows\system32\drivers\vidcap.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S2 ecure (FireDaemon Service: ecure) - c:\windows\temp\firedaemon.exe (file missing)
S2 svchost1 (FireDaemon Service: svchost1) - c:\windows\temp\firedaemon.exe (file missing)
S2 system (FireDaemon Service: system) - c:\windows\temp\firedaemon.exe (file missing)
S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe" <Not Verified; Computer Associates; Computer Associates lic98rmt>
S3 CA_LIC_SRVR (CA License Server) - "c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe" <Not Verified; Computer Associates; Computer Associates lic98rmtd>
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 14:41:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-12 00:41:32 90176 --a------ C:\WINDOWS\system32\gbbckjlq.dll
2008-04-11 19:23:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-11 16:56:26 0 d-------- C:\Trend Micro
2008-04-11 13:10:30 54272 --a------ C:\WINDOWS\system32\ldprt7.exe
2008-04-11 13:10:18 55218 --a------ C:\WINDOWS\zeqbqwp.sys
2008-04-11 13:10:16 212184 --a------ C:\WINDOWS\system32\proxycfg.dll
2008-04-11 12:29:26 183423 --ahs---- C:\WINDOWS\system32\JSDedJlm.ini2
2008-04-11 12:20:35 0 d-------- C:\Program Files\Anonymizer
2008-04-07 21:38:45 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Anonymizer
2008-04-07 21:37:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Anonymizer
2008-04-07 20:42:03 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Move Networks
2008-03-31 19:17:37 0 d-------- C:\Bome's Mouse Keyboard
2008-03-28 21:04:53 0 d-------- C:\FTP Folder
2008-03-28 18:59:54 0 d-------- C:\Admin office - April 2008
2008-03-25 20:59:22 0 d-------- C:\Abba
2008-03-25 02:04:29 0 d-------- C:\IP Changer 2.0
2008-03-18 18:43:02 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\febooti software
2008-03-18 18:41:54 0 d-------- C:\febooti ieZoom
2008-03-14 15:15:29 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Talkback

-- Find3M Report ---------------------------------------------------------------

2008-04-12 00:53:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 00:50:08 0 d-------- C:\Program Files\Norton Security Scan
2008-04-12 00:44:38 0 --a------ C:\WINDOWS\TempFile
2008-04-11 15:37:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-11 12:12:47 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\AVG7
2008-04-09 00:42:37 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Skype
2008-03-31 19:17:38 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Propellerhead Software
2008-03-28 19:41:57 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Adobe
2008-03-24 18:25:09 11074 --a------ C:\Documents and Settings\Mark Boerebach\Application Data\wklnhst.dat
2008-03-24 08:35:06 14602 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-03 20:45:43 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-03-03 20:45:43 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-01 22:56:20 0 d-------- C:\Program Files\Xing
2008-03-01 22:56:20 0 d-------- C:\Program Files\Common Files\xing shared
2008-02-24 12:08:21 7452 --a------ C:\WINDOWS\unins000.dat
2008-02-24 12:08:08 673546 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-02-24 00:32:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-23 18:32:40 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Steinberg
2008-02-23 18:25:55 0 d-------- C:\Program Files\Syncrosoft
2008-02-13 23:10:59 0 d-------- C:\Program Files\Lavasoft
2008-02-13 23:05:41 0 d-------- C:\Documents and Settings\Mark Boerebach\Application Data\Lavasoft
2008-01-25 15:08:43 180984 --a------ C:\Documents and Settings\Mark Boerebach\Application Data\GDIPFONTCACHEV1.DAT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07e0f1c9-e437-4fdf-bcd5-62b713fd0562}]
C:\WINDOWS\system32\mlJdeDSJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24e9519b-3f70-429b-99bc-4b2b49b96f66}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [21/09/2004 08:09 AM]
"Desktop Service Centre "= "C:\Program Files\OptusNet DSL Internet\DSC.exe" [30/11/2005 12:21 PM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43 AM]
"WinampAgent "= "C:\Winamp\winampa.exe" [15/05/2007 08:22 AM]
"Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06 AM]
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [13/09/2007 12:16 PM]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
"QuickTime Task "= "C:\QuickTime\qttask.exe" [10/01/2008 02:27 PM]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07/03/2008 09:46 PM]
"KernelFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -k" []
"BM67045aa6 "= "C:\WINDOWS\system32\gbbckjlq.dll" [12/04/2008 12:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jnskdfmf9eldfd "= "C:\DOCUME~1\MARKBO~1\LOCALS~1\Temp\csrssc.exe" []

C:\Documents and Settings\Mark Boerebach\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 7:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [14/06/2006 10:51:08 PM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [17/01/2007 12:50:00 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [9/07/2007 11:26:01 PM]
InterVideo WinCinema Manager.lnk - C:\InterVideo\Common\Bin\WinCinemaMgr.exe [28/04/2006 6:29:57 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions "=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D} "= blank [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{24E9519B-3F70-429B-99BC-4B2B49B96F66} "= blank [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfFVPFv]
khfFVPFv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages "= msv1_0 C:\WINDOWS\system32\mlJdeDSJ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark Boerebach^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC "=3 (0x3)
"SPBBCSvc "=3 (0x3)
"SNDSrvc "=3 (0x3)
"SAVScan "=3 (0x3)
"NSCService "=3 (0x3)
"navapsvc "=2 (0x2)
"comHost "=3 (0x3)
"ccSetMgr "=2 (0x2)
"ccProxy "=2 (0x2)
"ccISPwdSvc "=3 (0x3)
"ccEvtMgr "=2 (0x2)

-- End of Deckard's System Scanner: finished at 2008-04-12 01:14:18 ------------

radiogold · 2008/04/11

For the two times I ran spybot, I got the following message, about 95% of the way through the scan.

There were problems in the include file C:\Spybot Search Destroy\includes\TrojansC.sbi
See "include error log" for details.

I looked for the requested log file within the spybot directory, but it was no where to be seen.

noahdfear · 2008/04/11

Hi radiogold

Download ComboFix by sUBs from here, saving the file to your desktop.

Please disable realtime protection applications as they sometime interfere with the tool. Check this link for your applicable programs.

Close all open programs and windows

Double click combofix.exe and follow the prompts.

It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

radiogold · 2008/04/13

Hi noahdfear,

thank you for the help, I've just wanted to update you guys, that I managed to resolve the problem this evening, (sunday evening).

I downloaded SuperAntiSpyware and it picked up a swod of material from a virus called Vautum-C (can't remember the name exactly) but glad it's all gone.

AVG, Spybot, nor Ad-Aware weren't able to get rid of it. Bizarre how three virus programs can miss it, but fourth time lucky

What happened is what ever virus it was, when it downloaded it self, it actually damaged my virus programs. I had to delete and reinstall Spybot and Ad-Aware.

Thanks

Log in or Sign up

Computer reboots throught a Ad-Aware virus scan

radiogold Inactive Thread Starter

radiogold Inactive Thread Starter

radiogold Inactive Thread Starter

radiogold Inactive Thread Starter

noahdfear Inactive

radiogold Inactive Thread Starter

Share This Page

Log in or Sign up

Computer reboots throught a Ad-Aware virus scan

radiogold Inactive Thread Starter

radiogold Inactive Thread Starter

radiogold Inactive Thread Starter

radiogold Inactive Thread Starter

noahdfear Inactive

radiogold Inactive Thread Starter

Share This Page

Useful Searches