0x005f0289


0x005f0289 & 0x005e0289. help !

Post by PUTU_16 on Fri Sep 04, 2009 6:20 am

Hi Belahzur...
I have the same problem as SanketGooner.
But afterwards I got this message:
logonui.exe - application error
The instruction at "0x005f0289" referenced memory at "0x005f0289". The memory could not be "written". Click on OK to terminate the program, click on Cancel to debug the program

I got another message:

logonui.exe - application error
The instruction at "0x005e0289" referenced memory at "0x005e0289". The memory could not be "written". Click on OK to terminate the program, click on Cancel to debug the program

Then I got a Data Execution Prevention message like SanketGooner.

This is my hijackthis.log:

[You must be registered and logged in to see this link.]

Please help me...
Sorry for my English!!


This is my dds file part1, so you can check it.

Post by PUTU_16 on Fri Sep 04, 2009 6:44 am

This is my dds file part 1:
Code:
DDS (Ver_09-07-30.01) - NTFSx86 
Run by Utup_Here at 14:26:25.39 on Fri 09/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.893.377 [GMT 8:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)  {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\NewSoft\Presto! PVR\TRemote.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PowerArchiver\POWERARC.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Utup_Here\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.short-funny-jokes.com
uInternet Connection Wizard,ShellNext = hxxp://www.internetdownloadmanager.com/welcome.html
mWinlogon: Taskman=c:\recycler\s-1-5-21-1275518598-2988612220-522165297-2816\wnzip32.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [12CFG515-K641-55SF-N66P] c:\recycler\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [BisonTrayIcon] c:\windows\bisoncam\BisonTrayIcon.exe
mRun: [BisonHK] c:\windows\bisoncam\BisonHK.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [ChangeFilterMerit] c:\program files\newsoft\presto! pvr\ChangeFilterMerit.exe
mRun: [Presto! PVR Monitor] c:\program files\newsoft\presto! pvr\Monitor.exe
mRun: [TRemote] c:\program files\newsoft\presto! pvr\TRemote.exe
mExplorerRun: [exec] c:\windows\fonts\services.exe
StartupFolder: c:\docume~1\utup_h~1\startm~1\programs\startup\timeleft.lnk - c:\program files\timeleft3\TimeLeft.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotkey~1.lnk - c:\program files\hotkey_driver\HotKeyDriver.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\SecureNet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {DBD8F5C1-2F89-4FE2-9FB3-BB58AAE77262} = 10.255.57.142 202.152.5.36
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\utup_h~1\applic~1\mozilla\firefox\profiles\xdcdpfgr.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\utup_here\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",  false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",  true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",      true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",              false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",              true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                  true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

Well, I disabled my AV because BitDefender will block the process of dds.scr, so the dds.txt and attach.txt will not open up.


Re: Virus Issue

Post by PUTU_16 on Fri Sep 04, 2009 6:50 am

This is my dds.txt part 2:
============= SERVICES / DRIVERS ===============

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-25 603904]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 securesrv;SecureSrv;c:\program files\hide my ip 2009\SecureSrv.exe [2009-9-4 1691648]
S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
S2 Yahoo! Zimbra Desktop Service;Yahoo! Zimbra Desktop Service;c:\program files\zdesktop\zdesktop.exe [2009-8-29 139264]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [2007-7-23 22528]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2009-8-24 180480]
S3 TridVid;Trident Analog Video;c:\windows\system32\drivers\TridVid.sys [2009-8-25 159232]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [2009-8-28 28928]

=============== Created Last 30 ================

2009-09-04 13:59 --d----- c:\program files\Trend Micro
2009-09-04 13:08 101 a------- C:\Underground Affiliate Secrets.url
2009-09-04 12:49 163,840 a------- c:\windows\system32\SecureNet.dll
2009-09-04 12:48 --d----- c:\program files\Hide My IP 2009
2009-09-04 12:28 107,864 a------- c:\windows\system32\tsccvid.dll
2009-09-04 12:28 --d----- c:\program files\common files\TechSmith Shared
2009-09-03 22:57 35,840 a------- c:\windows\system32\COMDLG32.oca
2009-09-03 22:55 1,000,000 a------- C:\TEMP.AVI
2009-09-03 22:55 240,128 a------- c:\windows\system32\COMCTL32.oca
2009-09-03 22:43 126 a------- c:\windows\mdm.ini
2009-09-03 22:43 288 a------- c:\windows\ODBC.INI
2009-09-03 22:41 --d----- c:\program files\Web Publish
2009-09-03 21:58 --d----- c:\windows\system32\QuickTime
2009-09-03 21:58 --d----- c:\program files\Macromedia
2009-09-03 21:58 --d----- c:\program files\common files\Macromedia
2009-09-03 20:24 --d----- c:\program files\Windows Media Connect 2
2009-09-03 18:29 --d----- c:\program files\PowerArchiver
2009-09-03 16:31 125,440 a------- C:\otcw.exe
2009-09-03 16:28 83,968 a------- c:\windows\system32\drivers\88d9ce6c.sys
2009-09-03 16:27 2 a------- C:\1959746666
2009-09-03 12:41 --d----- c:\program files\Hide IP
2009-09-03 11:43 --d----- C:\MS Rapid Downloads
2009-09-03 11:32 --d----- c:\program files\Gladiator16
2009-09-03 11:02 --d----- c:\program files\temp
2009-09-03 10:24 1,693,968 a------- c:\windows\system32\VBA6.DLL
2009-09-03 10:24 115,920 a------- c:\windows\system32\MSINET.OCX
2009-09-03 10:24 --d----- c:\program files\PianoFX
2009-09-02 20:17 81,408 a------- c:\windows\system32\ccrpTmr.dll
2009-09-02 20:06 --d-h--- c:\windows\PIF
2009-09-02 18:20 --d----- c:\documents and settings\utup_here\midi2style
2009-09-02 18:18 --d----- c:\program files\midi2style
2009-09-01 22:46 --d----- c:\docume~1\utup_h~1\applic~1\LingvoSoft
2009-09-01 19:21 --d----- c:\program files\FlexiMusic Composer
2009-09-01 19:08 28,672 a------- c:\windows\system32\MSGHOO32.OCX
2009-09-01 19:08 --d----- c:\program files\One Man Band v71
2009-09-01 18:17 --d----- c:\program files\FlexiMusic Orchestra
2009-09-01 18:17 73,216 a------- c:\windows\ST6UNST.EXE
2009-08-31 21:12 --d----- c:\program files\Digital Guitar Tuner 2.3
2009-08-31 19:17 --d----- C:\Temp
2009-08-31 19:16 156,910 a------- c:\windows\WMSysPr8.prx
2009-08-31 19:16 1,683,792 a------- c:\windows\system32\wmvcore2.dll
2009-08-31 19:16 665,424 a------- c:\windows\system32\wmv8dmoe.dll
2009-08-31 19:16 572,752 a------- c:\windows\system32\wmvdmoe.dll
2009-08-31 19:16 438,608 a------- c:\windows\system32\wmv8dmod.dll
2009-08-31 19:16 285,184 a------- c:\windows\system32\wmidx2.ocx
2009-08-31 19:15 --d----- c:\program files\coolpro2
2009-08-31 18:09 --d----- c:\windows\system32\datas
2009-08-31 17:56 12,784 a------- C:\DEBUG.DBG
2009-08-31 17:56 3,346 ----h--- c:\windows\system32\v17F645ACC98139.dll
2009-08-31 17:54 --d----- c:\windows\Absolut Piano Steinway
2009-08-31 17:54 --d----- c:\program files\Steinberg
2009-08-31 16:28 --d----- C:\JmSoftware
2009-08-31 15:31 29,696 a------- c:\windows\system32\VB5StKit.dll
2009-08-31 15:31 71,680 a------- c:\windows\ST5UNST.EXE
2009-08-31 15:31 545,280 a------- c:\windows\system32\temp.004
2009-08-31 15:31 545,280 a------- c:\windows\system32\temp.003
2009-08-31 15:31 545,280 a------- c:\windows\system32\temp.002
2009-08-31 15:31 545,280 a------- c:\windows\system32\temp.001
2009-08-31 15:31 545,280 a------- c:\windows\system32\temp.000
2009-08-31 15:29 30,520 a------- c:\windows\system32\midiwrap3405.deu
2009-08-31 15:29 --d----- c:\docume~1\alluse~1\applic~1\KB Piano
2009-08-31 15:29 --d----- c:\program files\KB Piano 2
2009-08-31 14:47 3 a------- c:\windows\system32\mnprxp1.bin
2009-08-31 14:47 --d----- c:\program files\A73 Piano Station
2009-08-31 14:00 --d----- c:\windows\system32\XPSViewer
2009-08-31 13:59 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-31 13:59 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-31 13:59 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-31 13:59 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-31 13:59 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-31 13:59 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-08-31 13:59 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-31 13:53 --d----- c:\program files\MSXML 6.0
2009-08-31 13:28 --d----- c:\docume~1\alluse~1\applic~1\Power Soft
2009-08-31 13:24 --d----- c:\program files\TimeLeft3
2009-08-31 13:24 --d----- c:\docume~1\utup_h~1\applic~1\NesterSoft
2009-08-31 11:52 --d----- c:\windows\system32\CatRoot_bak
2009-08-31 09:52 69,632 a------- c:\windows\amcap.exe
2009-08-31 09:52 8,719,616 a------- c:\windows\system32\drivers\snpstd3.sys
2009-08-31 09:52 339,968 a------- c:\windows\vsnpstd3.exe
2009-08-31 09:52 90,112 a------- c:\windows\tsnpstd3.exe
2009-08-31 09:52 15,498 a------- c:\windows\snpstd3.ini
2009-08-31 09:52 13,023 a------- c:\windows\snpstd3.src
2009-08-31 09:52 61,440 a------- c:\windows\system32\rsnpstd3.dll
2009-08-31 09:52 61,440 a------- c:\windows\system32\csnpstd3.dll
2009-08-31 09:52 53,248 a------- c:\windows\vsnpstd3.dll
2009-08-31 09:52 53,248 a------- c:\windows\system32\vsnpstd3.dll
2009-08-31 09:52 20,480 a------- c:\windows\usnpstd3.exe
2009-08-31 09:52 --d----- c:\program files\common files\snpstd3
2009-08-31 09:52 20,480 -------- c:\windows\CameraFixer.exe
2009-08-31 09:38 --d----- c:\docume~1\utup_h~1\applic~1\Polycom
2009-08-31 09:37 --d----- c:\program files\Polycom
2009-08-31 09:36 --d----- c:\windows\Downloaded Installations
2009-08-29 17:35 --d----- c:\docume~1\utup_h~1\applic~1\Yahoo! Inc
2009-08-29 17:28 --d----- c:\program files\zdesktop
2009-08-29 13:27 421,888 a------- c:\windows\system32\ac3filter.acm
2009-08-29 13:26 --d----- c:\program files\XP Codec Pack
2009-08-29 13:17 --d----- c:\program files\Delta
2009-08-29 00:56 --d----- c:\program files\netcut
2009-08-28 19:58 --d----- c:\windows\pss
2009-08-28 17:33 --d----- c:\docume~1\utup_h~1\applic~1\Windows Search
2009-08-28 17:29 --d----- c:\docume~1\utup_h~1\applic~1\Windows Desktop Search
2009-08-28 17:28 --d----- c:\program files\Windows Desktop Search
2009-08-28 15:46 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-28 15:44 --d----- c:\windows\ServicePackFiles
2009-08-28 15:00 86,016 a------- c:\windows\removeark.exe
2009-08-28 15:00 28,928 a------- c:\windows\system32\drivers\usb2vcom.sys
2009-08-28 14:20 --d----- c:\program files\YPOPs
2009-08-28 14:20 --d----- c:\documents and settings\utup_here\YPOPs


Re: Virus Issue

Post by PUTU_16 on Fri Sep 04, 2009 6:52 am

And this is my dds.txt part 3:
2009-08-28 13:03 --d----- C:\Lyrics
2009-08-28 13:03 --d----- c:\program files\Minilyrics
2009-08-28 09:19 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-28 09:19 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-28 09:11 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-28 09:11 2,180,480 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-28 09:11 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-28 09:11 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-08-28 09:02 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-27 21:57 --d----- c:\program files\DFX
2009-08-27 21:56 --d----- c:\docume~1\alluse~1\applic~1\ConeXware
2009-08-27 21:21 --d----- C:\WTK25
2009-08-27 21:20 --d----- c:\windows\system32\Temp
2009-08-27 21:15 --d----- c:\program files\Sjboy Emulator
2009-08-27 21:07 --d----- c:\program files\WinPcap
2009-08-27 21:06 --d----- c:\program files\IMMonitor
2009-08-27 18:11 --d----- c:\windows\system32\PreInstall
2009-08-27 18:10 --d-h--- c:\windows\$hf_mig$
2009-08-27 14:16 --d----- c:\windows\system32\SoftwareDistribution
2009-08-27 11:05 --d----- c:\docume~1\alluse~1\applic~1\Fugazo
2009-08-26 17:21 --d----- c:\docume~1\alluse~1\applic~1\DFX
2009-08-26 17:21 --d----- c:\program files\common files\DFX
2009-08-26 17:15 --d----- c:\program files\VideoLAN
2009-08-26 14:51 --d----- c:\program files\Yahoo!
2009-08-26 01:08 0 a------- c:\windows\DMM.INI
2009-08-26 01:00 65,322 a------- C:\power.mat
2009-08-26 01:00 8,207 a------- C:\bo.mat
2009-08-26 00:52 --d----- c:\program files\MP3Cutter
2009-08-26 00:49 --d----- c:\program files\Cool MP3 Splitter
2009-08-26 00:19 3,253 a------- c:\windows\system32\wbem\Outlook_01ca259fce1b562a.mof
2009-08-25 22:19 45,791,608 a------- C:\The_Corrs-Unplugged_Live.MP3
2009-08-25 22:11 --d----- c:\program files\common files\DeskShare Shared
2009-08-25 22:11 258,352 a------- c:\windows\system32\Unicows.dll
2009-08-25 22:11 224,016 a------- c:\windows\system32\TABCTL32.OCX
2009-08-25 22:11 --d----- c:\program files\Deskshare
2009-08-25 21:24 15,360 ac------ c:\windows\system32\dllcache\mpe.sys
2009-08-25 21:24 15,360 a------- c:\windows\system32\drivers\MPE.sys
2009-08-25 21:23 159,232 a----r-- c:\windows\system32\drivers\TridVid.sys
2009-08-25 21:23 28,672 a----r-- c:\windows\system32\VendorCmdRW.dll
2009-08-25 21:23 363,520 ac------ c:\windows\system32\dllcache\psisdecd.dll
2009-08-25 21:23 363,520 a------- c:\windows\system32\PsisDecd.dll
2009-08-25 21:23 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
2009-08-25 21:23 11,776 ac------ c:\windows\system32\dllcache\bdasup.sys
2009-08-25 21:23 56,832 a------- c:\windows\system32\MSDvbNP.ax
2009-08-25 21:23 11,776 a------- c:\windows\system32\drivers\BdaSup.sys
2009-08-25 21:23 33,280 ac------ c:\windows\system32\dllcache\psisrndr.ax
2009-08-25 21:23 18,432 ac------ c:\windows\system32\dllcache\bdaplgin.ax
2009-08-25 21:23 33,280 a------- c:\windows\system32\PsisRndr.ax
2009-08-25 21:23 18,432 a------- c:\windows\system32\BdaPlgIn.ax
2009-08-25 21:19 --d----- c:\program files\common files\NewSoft
2009-08-25 21:19 --d----- c:\program files\NewSoft
2009-08-25 21:06 --d----- c:\program files\Alcohol Soft
2009-08-25 21:04 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-08-25 20:58 --d----- c:\program files\common files\EZB Systems
2009-08-25 20:58 --d----- c:\program files\UltraISO
2009-08-25 20:56 --d----- c:\program files\LingvoSoft
2009-08-25 20:52 16,816 a----r-- c:\windows\system32\drivers\vmnetadapter.sys
2009-08-25 20:52 13,104 a----r-- c:\windows\system32\vnetinst.dll
2009-08-25 20:52 121,392 a------- c:\windows\system32\vmnetdhcp.exe
2009-08-25 20:52 150,064 a------- c:\windows\system32\vmnat.exe
2009-08-25 20:52 25,008 a------- c:\windows\system32\drivers\vmnetuserif.sys
2009-08-25 20:52 50,992 a----r-- c:\windows\system32\vmnetbridge.dll
2009-08-25 20:52 28,592 a----r-- c:\windows\system32\drivers\vmnetbridge.sys
2009-08-25 20:52 17,712 a----r-- c:\windows\system32\drivers\vmnet.sys
2009-08-25 20:52 436,784 a------- c:\windows\system32\vnetlib.dll
2009-08-25 20:52 20,912 a------- c:\windows\system32\drivers\VMkbd.sys
2009-08-25 20:52 1,024 a------- C:\.rnd
2009-08-25 20:49 --d----- c:\program files\VMware
2009-08-25 20:49 --d----- c:\program files\common files\VMware
2009-08-25 20:45 --d----- c:\program files\AviSynth 2.5
2009-08-25 20:45 --d----- c:\program files\eRightSoft
2009-08-25 20:44 --d----- c:\program files\Mpeg2Decoder
2009-08-25 20:43 --d----- c:\program files\Teleport Pro
2009-08-25 20:42 --d----- c:\docume~1\utup_h~1\applic~1\Mp3 Audio Editor
2009-08-25 20:41 478,208 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-08-25 20:41 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2009-08-25 20:41 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2009-08-25 20:41 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2009-08-25 20:41 522,752 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-08-25 20:41 467,968 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-08-25 20:41 467,456 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-08-25 20:41 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-08-25 20:41 966,144 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-08-25 20:41 634,880 a------- c:\windows\system32\NCTAudioEditor2.dll
2009-08-25 20:41 479,744 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-08-25 20:41 --d----- c:\program files\Mp3 Audio Editor
2009-08-25 20:31 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-08-25 20:31 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-08-25 20:30 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-08-25 20:30 9,600 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-25 19:54 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-25 13:16 --d-h--- c:\program files\InstallJammer Registry
2009-08-25 13:16 --d----- c:\program files\Parkour Runner Extreme
2009-08-25 12:42 --d----- c:\docume~1\utup_h~1\applic~1\Mikrotik
2009-08-25 12:41 --d-h--- c:\windows\system32\GroupPolicy
2009-08-25 12:40 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-08-25 11:01 868 a------- c:\windows\system32\BDUpdateV1.xml
2009-08-25 06:00 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-08-25 06:00 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2009-08-25 06:00 85,376 a------- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-25 05:58 44,672 ac------ c:\windows\system32\dllcache\uagp35.sys
2009-08-25 05:58 44,672 a------- c:\windows\system32\drivers\UAGP35.SYS
2009-08-25 05:58 74,240 a------- c:\windows\system32\usbui.dll
2009-08-25 05:58 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-08-25 05:57 9,344 a------- c:\windows\system32\drivers\compbatt.sys
2009-08-25 05:57 14,080 a------- c:\windows\system32\drivers\CmBatt.sys
2009-08-25 05:57 14,080 a------- c:\windows\system32\drivers\battc.sys
2009-08-25 05:56 --d----- c:\program files\common files\ODBC
2009-08-25 05:56 --d----- c:\program files\common files\SpeechEngines
2009-08-25 05:56 --d--r-- c:\documents and settings\all users\Documents
2009-08-25 05:55 --d----- c:\windows\system32\CatRoot2
2009-08-25 05:55 --d----- c:\windows\system32\CatRoot
2009-08-25 05:55 --d----- C:\Documents and Settings
2009-08-25 05:54 261 a------- c:\windows\system32\$winnt$.inf
2009-08-25 00:39 --d----- c:\program files\Guitar Pro 5
2009-08-25 00:25 --d----- c:\program files\CCleaner
2009-08-25 00:23 --d----- c:\docume~1\utup_h~1\applic~1\TuneUp Software
2009-08-25 00:23 --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software
2009-08-25 00:23 --d----- c:\program files\TuneUp Utilities 2009
2009-08-25 00:23 --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-25 00:20 --d----- c:\docume~1\utup_h~1\applic~1\Foxit
2009-08-25 00:20 --d----- c:\program files\Foxit Software
2009-08-25 00:15 --d----- c:\program files\Microsoft Visual Studio 8
2009-08-25 00:10 --d----- c:\program files\common files\Adobe Systems Shared
2009-08-25 00:06 --d----- c:\program files\Electronic Piano 2.5
2009-08-25 00:04 --d----- c:\program files\K-Lite Codec Pack
2009-08-25 00:04 --d----- c:\program files\GRETECH
2009-08-25 00:00 --d----- c:\docume~1\utup_h~1\applic~1\URSoft
2009-08-25 00:00 --d----- c:\program files\Your Uninstaller 2008
2009-08-24 23:51 --d----- c:\docume~1\alluse~1\applic~1\SRS Labs
2009-08-24 23:51 --d----- c:\program files\SRS Labs
2009-08-24 23:48 --d----- c:\docume~1\utup_h~1\applic~1\IDM
2009-08-24 23:48 --d----- c:\docume~1\utup_h~1\applic~1\DMCache
2009-08-24 23:48 --d----- c:\program files\Internet Download Manager
2009-08-24 23:35 --d----- c:\docume~1\utup_h~1\applic~1\BitDefender
2009-08-24 23:34 --d----- c:\program files\common files\BitDefender
2009-08-24 23:34 --d----- c:\program files\BitDefender
2009-08-24 23:34 --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-08-24 23:01 --d----- c:\program files\Synaptics
2009-08-24 23:00 --d----- c:\program files\HotKey_Driver
2009-08-24 22:54 --d----- c:\program files\REALTEK RTL8187 Wireless LAN Driver
2009-08-24 22:51 --d----- c:\program files\Motorola
2009-08-24 22:49 --d----- c:\program files\sisagp
2009-08-24 22:48 --d----- c:\program files\SiS VGA Utilities V3.81
2009-08-24 22:44 --d----- c:\program files\Realtek
2009-08-24 22:09 --dsh--- c:\documents and settings\all users\DRM
2009-08-24 22:08 --d-h--- c:\program files\WindowsUpdate
2009-08-24 22:07 --d----- c:\program files\common files\MSSoap
2009-08-24 22:06 --d----- c:\program files\Online Services
2009-08-24 22:06 --d----- c:\program files\Messenger
2009-08-24 22:05 --d----- c:\program files\MSN Gaming Zone
2009-08-24 22:05 --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-09-04 13:43 81,984 a------- c:\windows\system32\bdod.bin
2009-08-28 11:25 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-25 00:23 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-08-25 00:23 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-08-24 22:44 315,392 a------- c:\windows\HideWin.exe
2009-08-24 22:06 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 17:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 12:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 12:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-18 02:55 58,880 a------- c:\windows\system32\atl.dll
2009-06-27 00:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-27 00:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-26 02:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-26 02:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-26 02:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-26 02:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-26 02:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-26 02:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-26 02:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-26 02:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-26 02:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-26 02:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-26 02:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-26 02:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 16:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 16:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 16:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 16:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 16:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 16:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-24 21:39 1,003,520 a------- c:\windows\system32\VSFilter.dll
2009-06-22 19:49 137,216 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 19:49 39,936 a------- c:\windows\system32\mqbkup.exe
2009-06-22 19:49 24,576 a------- c:\windows\system32\mqsvc.exe
2009-06-12 19:50 100,864 a------- c:\windows\system32\tlntsess.exe
2009-06-12 19:50 96,256 a------- c:\windows\system32\telnet.exe
2009-06-10 22:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 14:32 132,096 a------- c:\windows\system32\wkssvc.dll
2006-05-03 17:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

============= FINISH: 14:27:25.10 ===============


Re: Virus Issue

Post by PUTU_16 on Fri Sep 04, 2009 6:53 am

Then this is my attach.txt file :

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/24/2009 10:13:06 PM
System Uptime: 9/4/2009 1:43:41 PM (1 hours ago)

Motherboard: SiS | | M720SR
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | uPGA 479M | 989/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | uPGA 479M | 989/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 24 GiB total, 12.487 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 40.63 GiB free.
E: is FIXED (NTFS) - 37 GiB total, 2.076 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

A73 Piano Station
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Applian FLV Player
BisonCam
BitDefender Antivirus 2009
Camtasia Studio 6
CCleaner (remove only)
Chord Player v2.1
Cool Edit Pro 2.0
Digital Guitar Tuner 2.3
Electronic Piano 2.5
FlexiMusic Composer
Foxit PDF Editor
Foxit Reader
GOM Player
Google Earth
Guitar Pro 5.2
Hide IP 2.1
Hide My IP 2009
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
HotKey_Driver
Huge Pine USB to UART Driver
Internet Download Manager
Java(TM) 6 Update 15
Java(TM) SE Development Kit 6
Java(TM) SE Runtime Environment 6
K-Lite Mega Codec Pack 5.0.0
KB Piano 2.3.3 Shareware version
LingvoSoft Dictionary 2006 (English<->Indonesian) for Windows
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
midi2style 4.30
Minilyrics(remove only)
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.5.2)
Mp3 Audio Editor
MP3Cutter 2.81
Mpeg2Decoder 1.3
MSXML 6.0 Parser (KB933579)
NetCut 2.08
Notepad++
One Man Band v10.2 demo
Parkour Runner Extreme
PianoFX STUDIO 4.0
Polycom PVX
PowerArchiver 2010
Presto! PVR
Realtek High Definition Audio Driver
REALTEK RTL8187 Wireless LAN Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SiS VGA Utilities
SiSAGP driver
SRS Audio Sandbox
Sun Java(TM) Wireless Toolkit 2.5 for CLDC
SUPER Version 2007.bld.23 (July 4, 2007)
Synaptics Pointing Device Driver
Teleport Pro
TimeLeft
TuneUp Utilities 2009
UltraISO Premium V9.33
Update for Windows XP (KB898461)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB PC Camera-168
Video Edit Magic 4.4
VMware Workstation
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinPcap 4.0.2
XP Codec Pack
Yahoo! Messenger
Yahoo! Zimbra Desktop 1.0.3
Your Uninstaller! 2008 Version 6.2
YPOPs! 0.9.7.3

==== Event Viewer Messages From Past Week ========

9/4/2009 9:28:21 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\null.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
9/4/2009 9:28:16 AM, error: Service Control Manager [7000] - The Null service failed to start due to the following error: The process cannot access the file because it is being used by another process.
9/4/2009 9:27:59 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\beep.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
9/4/2009 9:27:54 AM, error: Service Control Manager [7000] - The Beep service failed to start due to the following error: The process cannot access the file because it is being used by another process.
9/4/2009 12:57:17 AM, error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).
9/3/2009 9:49:10 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0090F56B5A4B has been denied by the DHCP server 10.20.110.46 (The DHCP Server sent a DHCPNACK message).
9/3/2009 6:00:52 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/3/2009 6:00:48 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
9/3/2009 12:19:46 PM, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.
9/1/2009 9:53:46 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 129.47.26.210 with the system having network hardware address 00:E0:DB:07:19:75. Network operations on this system may be disrupted as a result.
9/1/2009 9:30:53 AM, error: Service Control Manager [7034] - The Yahoo! Zimbra Desktop Service service terminated unexpectedly. It has done this 1 time(s).
9/1/2009 9:25:53 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/1/2009 7:21:04 PM, error: DCOM [10000] - Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}. The error: "%2" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe" -Embedding
9/1/2009 11:46:09 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
9/1/2009 10:06:00 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 129.47.26.210 with the system having network hardware address 00:16:36:68:39:3C. Network operations on this system may be disrupted as a result.
8/28/2009 5:21:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Authorization Service service to connect.
8/28/2009 5:21:49 PM, error: Service Control Manager [7000] - The VMware Authorization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================


Re: 0x005f0289

Post by Belahzur on Fri Sep 04, 2009 3:17 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator