Services.exe problem - my PC keeps restarting

I tried all the spyware programs and anti-virus ones but no solution :(

Unfortunately I have no knowledge to solve this problem alone, so I'm asking you.

The problem seems to be very popular when I googled it ... WINDOWS\SYSTEM32\SERVICES.EXE and the code 1073741819

Here is my HijackThis log file

Logfile of HijackThis v1.99.1
Scan saved at 14:18:25, on 13.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Save\Save.exe
E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Opera\Opera.exe
E:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
E:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RapidLeecher] E:\Program Files\RapidLeecher\RapidLeecher.exe /M
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AutoSys] E:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SolidCapture] E:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
O4 - HKCU\..\Run: [WhenUSave] "E:\Program Files\Save\Save.exe"
O4 - Global Startup: InterCheck Monitor.LNK = E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

This is really annoying as I need my PC urgently :(

To avoid this and similar problems, what is the best anti-virus/spyware program out there that updates frequently and solves all problems?

Tanja
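A small triage script for HijackThis logs like the one above, added here as an example; it is not HijackThis, SmitfraudFix or any other tool mentioned in this thread, and the function and class names in it are my own. It reads lines in the log format shown, flags the kinds of entries a helper looks at first (start pages pointing at a local file, services and BHOs whose file is gone, Run values with random-looking names, and the O17 DNS servers to double-check) and prints them by severity. The sample log inside the script is constructed from entries of the kind posted in this thread; the heuristics are crude, so a clean report is not proof of a clean machine.

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example for this thread; it is not HijackThis, SmitfraudFix or any
other tool mentioned here.  The sample log below is constructed from the
kinds of entries that appear in the posted logs.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in HijackThis log format.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [AutoSys] E:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [jvcbsvsa] E:\atkglwgp.bat
O4 - HKLM\..\Run: [mslonknh] E:\ukuxkmfs.bat
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str      # "high", "medium" or "info"
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
LOCAL_FILE_RE = re.compile(r"=\s*[a-z]:\\\S+$", re.I)          # "= c:\secure32.html"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DANGLING = ("(no file)", "(file missing)")
VOWELS = set("aeiouy")


def looks_generated(name: str) -> bool:
    """Crude test for machine-generated names such as 'jvcbsvsa':
    eight or more lower-case letters with at most one vowel in four."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(c in VOWELS for c in name) / len(name) <= 0.25


def command_stem(cmd: str) -> str:
    """File name (without extension) of the program a Run value starts."""
    if cmd.startswith('"'):
        path = cmd[1:cmd.find('"', 1)]      # quoted path, may contain spaces
    else:
        path = cmd.split()[0]
    base = re.split(r"[\\/]", path)[-1]
    return base.rsplit(".", 1)[0]


def triage_line(line: str):
    """Classify one log line; returns a Finding or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1") and LOCAL_FILE_RE.search(body):
        return Finding(sec, "high", "browser start page redirected to a local file", line)
    if sec == "O4":
        r = RUN_RE.match(body)
        if r and (looks_generated(r["name"]) or looks_generated(command_stem(r["cmd"]))):
            return Finding(sec, "high", "autorun entry with machine-generated name", line)
        return None
    if sec == "O17":
        return Finding(sec, "info", "check that these DNS servers belong to your ISP", line)
    dangling = any(tag in body for tag in DANGLING)
    if sec == "O23":
        if "Unknown owner" in body and dangling:
            return Finding(sec, "high", "service with no publisher and no binary on disk", line)
        if "Unknown owner" in body:
            return Finding(sec, "info", "service with no publisher information", line)
    if dangling:
        return Finding(sec, "medium", "entry points at a file that no longer exists", line)
    return None


def triage(log_text: str) -> list:
    """Run every line through triage_line; findings come back most severe first."""
    order = {"high": 0, "medium": 1, "info": 2}
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line.strip()}")
```

Run it against a saved log with `python triage.py` after replacing `SAMPLE_LOG` with the file's contents. The name heuristic deliberately ignores mixed-case and short names (so `ctfmon` and `NvCplDaemon` pass), which also means it misses plenty of real malware; the O23 rule is the one worth trusting most, because a service registered with no publisher whose binary has vanished is rarely left behind by legitimate software.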

Comments

  • Etzo (Finland)
    edited March 2007
    Hi Tanja! I'll check your log, please wait.
  • Etzo (Finland)
    edited March 2007
    Hi!
    • Click Start
    • Click Control Panel
    • Double-click Add or Remove Programs
    • Find and remove this program if found:
    WhenUSave
    ==============================

    Please, Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Desktop.

    A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #1 - Search by typing 1 and press Enter

    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

    IMPORTANT: Do NOT run any other options until you are asked to do so!

    Please send rapport.txt and fresh HijackThis log :)
  • edited March 2007
    Thanks for taking the time to explain to this silly girl how things work, Etzo!

    About save.exe (WhenUSave): unfortunately I'm using a program that has to have save.exe running at the same time. I have been using this program for years and I didn't have any problem, and when I asked on the net about the danger they all said that it isn't that risky. Can I still use it?

    Here is rapport.txt file:

    SmitFraudFix v2.148

    Scan done at 20:41:09,76, Tue 13.03.2007
    Run from C:\SMIT\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» E:\


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrator


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

    pe386 detected, use a Rootkit scanner

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    A bit worried about the missing files msxml3a.exe and rastls.exe ...


    New Hijack

    Logfile of HijackThis v1.99.1
    Scan saved at 20:51:27, on 13.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    E:\WINDOWS\System32\svchost.exe
    E:\utorrent.exe
    E:\Program Files\Sophos SWEEP for NT\WSWEEPNT.EXE
    E:\WINDOWS\winhlp32.exe
    E:\Program Files\Opera\Opera.exe
    E:\WINDOWS\NOTEPAD.EXE
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RapidLeecher] E:\Program Files\RapidLeecher\RapidLeecher.exe /M
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AutoSys] E:\WINDOWS\system32\autosys.exe
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SolidCapture] E:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - Global Startup: InterCheck Monitor.LNK = E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)
    O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

    As you can see I'm using a few spyware/anti-virus programs and my PC hasn't restarted for about 7 hours now (it was restarting every hour yesterday).
  • Etzo (Finland)
    edited March 2007
    OK. You can keep WhenUSave, but don't forget: it isn't a safe program, so be careful

    :) Move on ....

    Is that '193.189.160.13 193.189.160.23' your IP? If you don't know what your IP is, go to http://www.whatsmyip.org/ and check :)
    ===================
    Print out these instructions or save them with notepad or Word

    Please do the following:
    * Start AVG Anti-Spyware
    * Click the Update icon
    * Click Start update

    * Wait until updates are downloaded
    * Click the Scanner icon
    * Open the Settings tab

    o Make sure that under 'How to act?' it reads Quarantine (if not, click the text and choose Quarantine)
    o Under 'How to scan?' all checkboxes should be ticked
    o Under 'Reports' select Automatically generate report after every scan and uncheck Only if threats were found
    o Under 'What to scan?' select Scan every file
    * Click the Shield icon
    * Under the 'Resident shield is' click active to make it inactive
    * Close AVG Anti-Spyware
    =========================================
    Download RustBFix from one of the following locations...
    http://www.uploads.ejvindh.net/rustbfix.exe http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
    ...and save it to your desktop.

    Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open
    (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.


    =========================================
    Reboot to safemode
    * If the computer is running, shut down Windows, and then turn off the power
    * Wait 30 seconds, and then turn the computer on
    * Start tapping the F8 key
    * The Windows Advanced Options Menu appears
    * Ensure that the Safe Mode option is selected
    * Press Enter. The computer then begins to start in Safe mode
    * Login on your usual account

    In Safe Mode, scan with SmitfraudFix again!

    =========================================
    * Close all open windows / programs / folders
    * Start AVG Anti-Spyware
    * Click the Scanner icon
    * Click Complete System Scan
    * Let the program scan the machine
    * When the scan has finished, follow the instructions below
    o Make sure that under 'Set all elements to' read Quarantine (If not, click the text and choose Quarantine)
    o Click Apply all actions
    o Click Save Report
    o Click Save reports as
    o Save report to your Desktop

    =========================================
    Please, post fresh HijackThis log, Smitfraud log, Two Rustbfix logs and AVG report :)
  • edited March 2007
    Here is the outcome before safe mode:


    Rustock.b-ADS attached to the System32-folder:
    Attempting to remove ADS...

    Looking for Rustock.b-files in the System32-folder:
    ECHO is off.


    ******************* Post-run Status of system *******************

    Rustock.b-driver on the system:
    YOU NEED TO CONSULT MORE ADVANCED TOOLS!!
    The Gmer-rootkitscanner may be a good place to start.
    Gmer rootkit-scanner may be found here: http://www.gmer.net

    Rustock.b-ADS attached to the System32-folder:
    ECHO is off.
    You should either run the tool again or consult more advanced tools
    The Gmer-rootkitscanner may be a good place to start.
    Gmer rootkit-scanner may be found here: http://www.gmer.net

    Looking for Rustock.b-files in the System32-folder:
    ECHO is off.
    You should either run the tool again or consult more advanced tools
    Swandog46's Avenger or Gmer's-rootkitscanner may be a good place to start.
    Swandog46's Avenger may be found here: http://swandog46.geekstogo.com/avengernotes.htm
    Gmer rootkit-scanner may be found here: http://www.gmer.net


    ******************************* End of Logfile ********************************

    //////////////////////////////////////////
    Avenger Pre-Processor log
    //////////////////////////////////////////

    Error: could not create zip file.
    Error code: 80


    Error: could not create reboot file.
    Error code: 80


    Error: could not create reboot batch.
    Error code: 80


    //////////////////////////////////////////


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\jsurbplt

    *******************

    Script file located at: \??\E:\WINDOWS\ykhshkco.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at E:\Avenger

    *******************

    Beginning to process script file:

    Driver PE386 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

    //////////////////////////////////////////


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\prxfnaft

    *******************

    Script file located at: \??\E:\Documents and Settings\lqbhgkle.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at E:\Avenger

    *******************

    Beginning to process script file:



    Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
    Unload of driver PE386 failed!

    Could not process line:
    PE386
    Status: 0xc0000034

    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

    //////////////////////////////////////////


    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\mofcaosl

    *******************

    Script file located at: \??\E:\WINDOWS\system32\nulyeiej.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at E:\Avenger

    *******************

    Beginning to process script file:



    Registry key \Registry\Machine\System\CurrentControlSet\Services\PE386 not found!
    Unload of driver PE386 failed!

    Could not process line:
    PE386
    Status: 0xc0000034

    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.


    Hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 17:01:39, on 14.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\NOTEPAD.EXE
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Save\Save.exe
    E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    E:\WINDOWS\system32\notepad.exe
    E:\WINDOWS\system32\notepad.exe
    E:\WINDOWS\system32\notepad.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    E:\WINDOWS\system32\wuauclt.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\Program Files\Opera\Opera.exe
    E:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RapidLeecher] E:\Program Files\RapidLeecher\RapidLeecher.exe /M
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AutoSys] E:\WINDOWS\system32\autosys.exe
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [jvcbsvsa] E:\atkglwgp.bat
    O4 - HKLM\..\Run: [mslonknh] E:\ukuxkmfs.bat
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SolidCapture] E:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - HKCU\..\Run: [WhenUSave] "E:\Program Files\Save\Save.exe"
    O4 - Global Startup: InterCheck Monitor.LNK = E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)
    O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
  • edited March 2007
    The rest in safe mode

    Scan done at 17:08:46,50, Wed 14.03.2007
    Run from C:\SMIT\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» E:\


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrator


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\ADMINI~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    AVG Anti-Spyware - Scan Report

    + Created at: 21:03:58 14.3.2007

    + Scan result:



    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AutoSys -> Adware.Generic : Cleaned with backup (quarantined).
    E:\Documents and Settings\Administrator\Desktop\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Common Files\WhenU\EmbedSE.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\Saveupdate.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{E0C4866C-1149-46BF-ADDB-B78288D98F00}\RP302\A0124261.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{E0C4866C-1149-46BF-ADDB-B78288D98F00}\RP303\A0127702.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    E:\System Volume Information\_restore{E0C4866C-1149-46BF-ADDB-B78288D98F00}\RP308\A0130052.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE.1 -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE\CLSID -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE\CurVer -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners\CLIP -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2052111302-1035525444-682003330-500\Software\Microsoft\Windows\CurrentVersion\Run\\WhenUSave -> Adware.SaveNow : Error during cleaning.
    F:\System Volume Information\_restore{0584C312-88A8-4266-9C78-0EADD34D0DCC}\RP491\A0156998.exe -> Backdoor.Bifrose.uw : Cleaned with backup (quarantined).
    F:\NINA\New Folder\[ebooks] hack - master bible of hacking.zip/Hacking 102.zip/more_names.txt -> Backdoor.Flood.f : Cleaned with backup (quarantined).
    F:\System Volume Information\_restore{0584C312-88A8-4266-9C78-0EADD34D0DCC}\RP491\A0156963.EXE/devenv.exe -> Backdoor.Rbot.auj : Cleaned with backup (quarantined).
    F:\System Volume Information\_restore{D5BD6270-79F1-4CCA-8378-8CF9D8108242}\RP14\A0001258.EXE/devenv.exe -> Backdoor.Rbot.auj : Cleaned with backup (quarantined).
    F:\System Volume Information\_restore{D5BD6270-79F1-4CCA-8378-8CF9D8108242}\RP14\A0001239.exe -> Logger.Alexa.a : Cleaned with backup (quarantined).
    F:\pdf\Dummies Guide to the Internet.rar/Dummies Guide to the Internet\test33.exe -> Logger.Alexa.a : Cleaned with backup (quarantined).
    F:\pdf\Dummies Guide to the Internet\Dummies Guide to the Internet\test33.exe -> Logger.Alexa.a : Cleaned with backup (quarantined).
    F:\NINA\New Folder\[ebooks] hack - master bible of hacking.zip/Hackers Utility 102.zip/HUC.EXE -> Not-A-Virus.HackTool.Win32.Agent.ag : Cleaned with backup (quarantined).
    F:\NINA\New Folder\[ebooks] hack - master bible of hacking.zip/Hackers Utility.zip/Huc.exe -> Not-A-Virus.HackTool.Win32.Agent.ag : Cleaned with backup (quarantined).
    F:\NINA\New Folder\[ebooks] hack - master bible of hacking.zip/Hacking 102.zip/patch.exe -> Not-A-Virus.HackTool.Win32.WwwHack.a : Cleaned with backup (quarantined).
    E:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    F:\RECYCLER\S-1-5-21-776561741-1060284298-725345543-500\Df4.2006\Microsoft Windows XP Professional (SP2)\Extras\XP Stuff.zip/XP Stuff/XP KeY ReCoVeRER AND DiSCOVErER.exe -> Trojan.Small.edz : Cleaned with backup (quarantined).


    ::Report end


    Logfile of HijackThis v1.99.1
    Scan saved at 21:05:40, on 14.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\WINDOWS\system32\taskmgr.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RapidLeecher] E:\Program Files\RapidLeecher\RapidLeecher.exe /M
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [jvcbsvsa] E:\atkglwgp.bat
    O4 - HKLM\..\Run: [mslonknh] E:\ukuxkmfs.bat
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SolidCapture] E:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - Global Startup: InterCheck Monitor.LNK = E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)
    O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
  • edited March 2007
    Anything in it that could cause restarting of my PC?

    Another thing - I also got the infamous blue screen, something about the cmuda.sys file. Been googling and apparently it has something to do with media drivers (the blue screen would usually appear when I was watching a clip). How can I fix this problem?
  • EtzoEtzo Finland
    edited March 2007
    That HijackThis log is from safe mode. Could you send a new one from normal mode :)
  • edited March 2007
    Normal mode Hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:01:30, on 15.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\utorrent.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Opera\Opera.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RapidLeecher] E:\Program Files\RapidLeecher\RapidLeecher.exe /M
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [jvcbsvsa] E:\atkglwgp.bat
    O4 - HKLM\..\Run: [mslonknh] E:\ukuxkmfs.bat
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SolidCapture] E:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - Global Startup: InterCheck Monitor.LNK = E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)
    O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
  • edited March 2007
    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)

    is that bad if those two files are missing?
  • EtzoEtzo Finland
    edited March 2007
    Yes, in this case those (file missing) entries are bad. Sometimes a "file missing" is just a HijackThis bug, but not in this case.

    Open Notepad and copy these lines to it:

    @echo off
    rem Stop and unregister the two orphaned services (their binaries are already gone)
    sc stop msxml3a.exe
    sc delete msxml3a.exe
    sc stop rastls.exe
    sc delete rastls.exe



    Then save the file to your desktop as Delete.bat, with the file type set to All Files.
    Then run the Delete.bat file from your desktop.
    ---

    Lets clean "system restore" and show hidden files/folders: INSTRUCTIONS

    ---

    Then boot your computer into safe mode and search for/remove these (if found):

    E:\atkglwgp.bat
    E:\ukuxkmfs.bat
    E:\WINDOWS\system32\msxml3a.exe
    E:\WINDOWS\system32\rastls.exe


    Then boot back into normal mode.

    ---
    Open HijackThis, press Do a System scan only, check these lines: (if found)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O4 - HKLM\..\Run: [jvcbsvsa] E:\atkglwgp.bat
    O4 - HKLM\..\Run: [mslonknh] E:\ukuxkmfs.bat
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)


    And press Fix Checked.
    ---

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
      * Download the latest version of Java Runtime Environment (JRE) 6.
      * Click the "Download" button to the right.
      * Check the box that says: "Accept License Agreement"
      * The page will refresh.
      * Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      * Close any programs you may have running - especially your web browser.
      * Go to Start > Control Panel, double-click on Add/Remove Programs and remove the following...
          o J2SE Runtime Environment 5.0 Update 1
      * Reboot your computer once all Java components are removed.
      * Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
    Please post a new HijackThis log from normal mode :D

    ---

    "I also got the infamous blue screen something about cmuda.sys file"

    You should try to update your media drivers, for example from the producer's website...
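    As an added example (not from the thread, and not HijackThis or any tool's own code), a small Python checker that applies the same tests Etzo applied by eye to a HijackThis log: O23 services and O20 Winlogon entries whose file is missing, O2 BHOs with no file, services named like a bare executable with no company information, and O4 Run entries that launch a script from a drive root. The sample lines, the heuristics and all function names are constructed for this example.

```python
import re

# Constructed sample in HijackThis v1.99.1 line format; the entries mirror the
# shape of the ones discussed in this thread, but this is not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [jvcbsvsa] E:\atkglwgp.bat
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

# A script launched straight from a drive root, e.g. E:\atkglwgp.bat (optional arguments may follow)
ROOT_SCRIPT = re.compile(r"^[A-Za-z]:\\[^\\\s]+\.(bat|cmd|vbs|js)\b", re.IGNORECASE)
# O4 line: hive, value name in brackets, then the command
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# O23 line: display name, company ("Unknown owner" if none), image path
SERVICE_ENTRY = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
# Eight or more lowercase letters and nothing else: a constructed heuristic for generated value names
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")


def classify(line):
    """Return a reason string if the HijackThis line deserves a look, else None."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" ", 1)[0]          # O2, O4, O20, O23, ...
    if section == "O2" and line.endswith("(no file)"):
        return "BHO registered but its DLL does not exist"
    if section == "O20" and line.endswith("(file missing)"):
        return "Winlogon notify DLL registered but missing"
    if section == "O23":
        m = SERVICE_ENTRY.match(line)
        if m and line.endswith("(file missing)"):
            return "service points at a binary that no longer exists"
        if m and m.group(2) == "Unknown owner" and m.group(1).lower().endswith(".exe"):
            return "service with no company info, named like a bare executable"
    if section == "O4":
        m = RUN_ENTRY.match(line)
        if m:
            name, target = m.group(2), m.group(3)
            if ROOT_SCRIPT.match(target):
                return "autorun launches a script from the drive root"
            if RANDOM_NAME.match(name):
                return "autorun value name looks machine-generated"
    return None


def suspicious_entries(log_text):
    """Return [(line, reason)] for every line classify() flags, in log order."""
    found = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            found.append((raw.strip(), reason))
    return found


if __name__ == "__main__":
    for entry, why in suspicious_entries(SAMPLE_LOG):
        print(f"{why}:\n    {entry}")
```

    The heuristics only mark entries for a human to review; a hit is a reason to look at the file or registry value, not proof of infection.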
  • edited March 2007
    I did everything you told me in part 1: the HijackThis log file had all those entries except:

    O23 - Service: msxml3a.exe - Unknown owner - E:\WINDOWS\system32\msxml3a.exe (file missing)
    O23 - Service: rastls.exe - Unknown owner - E:\WINDOWS\system32\rastls.exe (file missing)

    Is that good or bad?

    Here is the Hijack log file after installing new Java

    Logfile of HijackThis v1.99.1
    Scan saved at 22:44:10, on 15.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
    E:\WINDOWS\system32\wuauclt.exe
    E:\WINDOWS\system32\wscntfy.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\msiexec.exe
    E:\utorrent.exe
    E:\Program Files\Opera\Opera.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RapidLeecher] E:\Program Files\RapidLeecher\RapidLeecher.exe /M
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SolidCapture] E:\Program Files\SolidDocuments\SolidCapture\solidcapture.exe
    O4 - Global Startup: InterCheck Monitor.LNK = E:\Program Files\Sophos SWEEP for NT\ICMON.EXE
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{240EBFAD-28CF-4C73-8042-AA32806F673D}: NameServer = 193.189.160.13 193.189.160.23
    O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
    O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - E:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

    Looks thinner :D
  • edited March 2007
    About the cmuda.sys problem - I don't know which driver I should download. Just today I was watching something and my PC crashed.
  • EtzoEtzo Finland
    edited March 2007
    Fix these lines:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    ---

    Your logfile is clean. About that cmuda.sys problem... I'm no master of drivers and stuff. I can only handle spyware & viruses, sorry. You should try to ask for help here.
  • edited March 2007
    Thank you, thank you, thank you :bigggrin:

    You are so smart :cool2:

    3 days have gone and no restart problem (yet) :bigggrin:

    From your experience and knowledge, what do you think caused the restart issue?

    Thank you for the tip - will sure ask there about cmuda.sys :)

    Tanja
  • EtzoEtzo Finland
    edited March 2007
    Tanja wrote:
    From your experience and knowledge, what do you think caused the restart issue?

    Well... You had a RustockB infection on your computer. It's a rootkit. That might be the reason for your computer problems, but now your computer is clean :D