Author Topic: Unknown virus disables my avast...  (Read 37415 times)

0 Members and 1 Guest are viewing this topic.

higge

  • Guest
Unknown virus disables my avast...
« on: November 03, 2007, 07:11:06 AM »
Good morning all.

I managed to get some virus to my comp, it disables antivirus program and firewall program.
I use Avast and Kerio and have trusted them for years. Now some bad managed to get my machine and as I said, disables those programs.
I've tried reinstall and Kerio installe but Avast didn't. I also tried another antivirus program with no luck either.
I created anther account to my comp and it even disables some other elements like all malware programs and regcleaners.

I'm stuck and that's why I'm asking your help.

I am using XP PRO SP2

here's my hijackthislog
« Last Edit: November 03, 2007, 07:14:28 AM by higge »

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #1 on: November 03, 2007, 11:52:12 AM »
I installed avast again and let it do bootscan. It found "Win32:Delf-FUP"

It put it to shield, but nothing else happens. Errors are still present

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #2 on: November 03, 2007, 01:06:09 PM »
Nothing readilly apparent on your log which means it is hiding ..  so we need to find it

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Unknown virus disables my avast...
« Reply #3 on: November 03, 2007, 01:45:14 PM »
there's probably something similar to Beagle i guess.. i'm curious to see the DSS log...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89237
  • No support PMs thanks
Re: Unknown virus disables my avast...
« Reply #4 on: November 03, 2007, 03:06:33 PM »
If it is a Beagle variant it is probably protected by a Rootkit:
See http://forum.avast.com/index.php?topic=26554.0
http://forum.avast.com/index.php?topic=25941.0

This seemed to have the best results with this type of attack and is reasonably user friendly.
http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #5 on: November 03, 2007, 07:22:43 PM »
Here's main text file as attachement and exrta.txt too

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #6 on: November 03, 2007, 07:50:00 PM »
Deckard's System Scanner v20071014.68
Run by Jarkko on 2007-11-03 20:01:02
Computer is in Normal Mode.
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --

1: 2007-11-03 18:01:07 UTC - RP1 - Järjestelmän tarkistuspiste
Backed up registry hives.
Performed disk cleanup.
- HijackThis (run as Jarkko.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:55, on 3.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\windows\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\windows\SOUNDMAN.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\wscntfy.exe
C:\windows\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\windows\system32\WgaTray.exe
C:\Documents and Settings\Jarkko\Työpöytä\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jarkko.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O20 - Winlogon Notify: App Paths - C:\windows\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\windows\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #7 on: November 03, 2007, 07:50:31 PM »
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 uGuru - c:\windows\system32\drivers\uguru.sys <Not Verified; ABIT Computer Corporation; uGuru V2.0 device driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R2 TBPanel - c:\windows\system32\drivers\tbpanel.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SaiH0255 - c:\windows\system32\drivers\saih0255.sys <Not Verified; Saitek; Configuration Software>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>
S2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys (file missing)
S2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys (file missing)
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 btwmodem (Bluetooth-modeemi) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2101>
S3 Cardex - c:\windows\system32\drivers\tbpanel.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 Engine - c:\documents and settings\jarkko\omat tiedostot\unzipped\l2mremover\engine.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 Memctl - c:\program files\abit\abit uguru\memctl.sys
S3 Winflash - c:\program files\abit\abit uguru\winflash.sys
S4 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; C-Dilla Ltd; SafeCast Windows NT>
R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe
R2 sdAuxService (PC Tools Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe
R2 sdCoreService (PC Tools Security Service) - c:\program files\spyware doctor\swdsvc.exe
S2 a2AntiMalware (a-squared Anti-Malware Service) - c:\program files\a-squared anti-malware\a2service.exe (file missing)
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 aswUpdSv (avast! iAVS4 Control Service) - "c:\program files\alwil software\avast4\aswupdsv.exe" (file missing)
S4 avast! Antivirus - "c:\program files\alwil software\avast4\ashserv.exe" (file missing)
S4 avast! Mail Scanner - "c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
S4 avast! Web Scanner - "c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)
S4 ewido security suite control - c:\program files\ewido anti-malware\ewidoctrl.exe (file missing)
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe <Not Verified; ewido networks; guard>
S4 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
S4 SandraDataSrv (Sandra Data Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3>
S4 SandraTheSrv (Sandra Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcsandrasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Oletusnäyttö
Device ID: DISPLAY\DEFAULT_MONITOR\5&600506C&1&113377A9&01&00
Manufacturer: (standardit näyttötyypit)
Name: Oletusnäyttö
PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&600506C&1&113377A9&01&00

Service:
Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: Oletusnäyttö
Device ID: DISPLAY\DEFAULT_MONITOR\5&600506C&1&113377A1&01&00
Manufacturer: (standardit näyttötyypit)
Name: Oletusnäyttö
PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&600506C&1&113377A1&01&00

Service:
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6280
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6131
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6131
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #8 on: November 03, 2007, 07:51:17 PM »
-- Files created between 2007-10-03 and 2007-11-03 -----------------------------
2007-11-03 12:25:35      7999 --a------ C:\windows\system32\second.bat
2007-11-03 10:07:28         0 d-------- C:\Program Files\Alwil Software
2007-11-03 08:29:16         0 d-------- C:\Program Files\IObit
2007-11-03 08:12:08         0 d-------- C:\Program Files\Trend Micro
2007-11-03 07:52:53         0 d-------- C:\windows\BDOSCAN8
2007-11-03 07:52:30         0 d---s---- C:\Documents and Settings\hikke\UserData
2007-11-02 21:13:53         0 d-------- C:\Documents and Settings\hikke\Application Data\Macromedia
2007-11-02 20:38:01         0 d-------- C:\Documents and Settings\hikke\Application Data\Talkback
2007-11-02 20:37:43         0 d-------- C:\Documents and Settings\hikke\Application Data\Mozilla
2007-11-02 20:36:39         0 d-------- C:\Documents and Settings\hikke\Application Data\Identities
2007-11-02 20:35:28         0 d--h----- C:\Documents and Settings\hikke\Verkkoympäristö
2007-11-02 20:35:28         0 d--h----- C:\Documents and Settings\hikke\Tulostinympäristö
2007-11-02 20:35:28         0 dr------- C:\Documents and Settings\hikke\Suosikit
2007-11-02 20:35:28         0 dr-h----- C:\Documents and Settings\hikke\SendTo
2007-11-02 20:35:28         0 dr-h----- C:\Documents and Settings\hikke\Recent
2007-11-02 20:35:28   1835008 --ah----- C:\Documents and Settings\hikke\NTUSER.DAT
2007-11-02 20:35:28         0 d--h----- C:\Documents and Settings\hikke\Mallit
2007-11-02 20:35:28         0 d--h----- C:\Documents and Settings\hikke\Local Settings
2007-11-02 20:35:28         0 dr------- C:\Documents and Settings\hikke\Käynnistä-valikko
2007-11-02 20:35:28         0 d---s---- C:\Documents and Settings\hikke\Cookies
2007-11-02 20:35:28         0 dr-h----- C:\Documents and Settings\hikke\Application Data
2007-11-02 20:35:28         0 d---s---- C:\Documents and Settings\hikke\Application Data\Microsoft
2007-11-02 20:10:29         0 d-------- C:\Program Files\ToniArts
2007-11-02 19:39:21         0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 19:36:34         0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 19:36:22         0 d-------- C:\Program Files\Spyware Doctor
2007-11-02 19:36:22         0 d-------- C:\Documents and Settings\Jarkko\Application Data\PC Tools
2007-11-02 19:26:48         0 d-------- C:\Documents and Settings\Jarkko\.housecall6.6
2007-11-02 16:20:52      2504 --a------ C:\windows\system32\tmp.reg
2007-11-02 16:20:18     25600 --a------ C:\windows\system32\WS2Fix.exe
2007-11-02 16:20:18    289144 --a------ C:\windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-02 16:20:18    288417 --a------ C:\windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-02 16:20:18     51200 --a------ C:\windows\system32\dumphive.exe
2007-11-02 16:19:59         0 d-------- C:\Program Files\Sunbelt Software
2007-11-01 22:29:52         0 d-------- C:\Program Files\Mailloop 5.0 Demo
2007-11-01 11:49:04         0 d-------- C:\windows\ASYM
2007-11-01 11:49:04         0 d-------- C:\BESTLTR
2007-11-01 11:45:23         0 d-------- C:\Program Files\WriteExpress
2007-11-01 11:35:48         0 d-------- C:\Documents and Settings\Jarkko\Application Data\Babylon
2007-11-01 11:35:48         0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2007-11-01 11:35:39         0 d-------- C:\Program Files\Online_TV
2007-11-01 11:31:21         0 d-------- C:\Program Files\SuperMailer
2007-10-31 15:41:03         0 d-------- C:\Documents and Settings\Jarkko\Application Data\SuperMailer
2007-10-31 15:40:41    116224 --a------ C:\windows\SMUn.EXE <Not Verified; Mirko Böer; Setup>
2007-10-25 10:26:48     53248 --a------ C:\windows\bdoscandel.exe
2007-10-16 10:18:56         0 d-------- C:\Program Files\The Logo Creator v5
2007-10-16 05:47:17         0 d-------- C:\Program Files\IncrediMail

-- Find3M Report ---------------------------------------------------------------

2007-11-03 19:56:32       825 --ahs---- C:\windows\system32\mmf.sys
2007-11-03 19:56:31         0 d-------- C:\Program Files\a-squared Anti-Malware
2007-11-02 21:30:46         0 d-------- C:\Program Files\ewido anti-malware
2007-11-02 20:37:23         8 --a------ C:\windows\system32\nvModes.dat
2007-11-02 20:22:02         0 d-------- C:\Program Files\Common Files
2007-11-02 20:15:45         0 d-------- C:\Documents and Settings\Jarkko\Application Data\Azureus
2007-11-02 20:10:29         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-02 19:39:21         0 d-------- C:\Program Files\Lavasoft
2007-11-02 19:39:01         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 19:37:51    375932 --a------ C:\windows\system32\perfh00B.dat
2007-11-02 19:37:51     75832 --a------ C:\windows\system32\perfc00B.dat
2007-11-02 18:28:16         0 d-------- C:\Documents and Settings\Jarkko\Application Data\Lavasoft
2007-11-02 15:58:09         0 d-------- C:\Program Files\SmartFTP
2007-11-01 22:19:53         0 d-------- C:\Program Files\Trillian
2007-11-01 22:19:50         0 d-------- C:\Program Files\palmOne
2007-11-01 22:19:02         0 d-------- C:\Program Files\eMule
2007-10-20 06:08:13         0 d-------- C:\Program Files\Winamp
2007-10-19 16:29:37         0 d-------- C:\Program Files\Google
2007-10-15 15:19:21         0 d-------- C:\Program Files\SmartFTP Client 2.0
2007-10-14 21:23:46         0 d-------- C:\Program Files\CommissionStats
2007-10-10 18:23:13         0 d-------- C:\Program Files\BAVOSP
2007-10-09 12:46:31         0 d-------- C:\Program Files\BlueVoda Website Builder
2007-10-09 12:45:55    737280 --a------ C:\windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-01 13:10:31         0 d-------- C:\Program Files\AmitySource
2007-09-26 19:12:59         0 d-------- C:\Program Files\Common Files\PhilipsMM
2007-09-26 19:12:37         0 d-------- C:\Program Files\PHILIPS
2007-09-23 06:09:43         0 d-------- C:\Program Files\Siber Systems
2007-09-17 15:30:07         0 dra------ C:\Program Files\Lataukset
2007-09-13 03:11:45         0 d-------- C:\Documents and Settings\Jarkko\Application Data\MSN6
2007-09-12 10:30:11         0 d-------- C:\Program Files\IPNetInfo
2007-09-10 20:01:17     39424 --a------ C:\windows\zipinst.exe <Not Verified; NirSoft; ZipInstaller>
2007-09-07 21:33:36         0 d-------- C:\Documents and Settings\Jarkko\Application Data\EditPlus 2
2007-09-07 17:52:59         0 d-------- C:\Program Files\EditPlus 2


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #9 on: November 03, 2007, 07:52:11 PM »
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuru"="C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" [21.05.2004 15:07]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [22.02.2005 11:22]
"Gainward"="C:\WINDOWS\TBPanel.exe" [03.11.2005 09:13]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [19.04.2007 12:26]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [18.10.2005 13:34]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [03.11.2005 10:09]
"SoundMan"="SOUNDMAN.EXE" [03.08.2006 04:12 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [19.04.2007 12:26]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\App Paths]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #10 on: November 03, 2007, 07:53:49 PM »
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Synchronizer.lnk
backup=C:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^BTTray.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\BTTray.lnk
backup=C:\windows\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^PCSuiteForNokia6600 Detect.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\PCSuiteForNokia6600 Detect.lnk
backup=C:\windows\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^PCSuiteForNokia6600 TS.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\PCSuiteForNokia6600 TS.lnk
backup=C:\windows\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jarkko^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma.lnk]
path=C:\Documents and Settings\Jarkko\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma.lnk
backup=C:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jarkko^Käynnistä-valikko^Ohjelmat^Käynnistys^HotSync Manager.lnk]
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jarkko^Käynnistä-valikko^Ohjelmat^Käynnistys^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\/AutoLaunchHDD70]
C:\Program Files\PHILIPS\HDDDMM\DMM\bin\AutoLaunchHDD70.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
"C:\Program Files\a-squared Anti-Malware\a2guard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\DVD ohjelmistot\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScrShotManager]
C:\Documents and Settings\Jarkko\Omat tiedostot\Unzipped\scrshma2\ScrShotManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysban]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"O&O Defrag"=2 (0x2)
"InCDsrv"=2 (0x2)
"btwdins"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.pacimedia.com
127.0.0.1 www.exactsearch.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
127.0.0.1 www.contextplus.net
-- End of Deckard's System Scanner: finished at 2007-11-03 20:14:33 ------------




Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #11 on: November 03, 2007, 07:55:03 PM »
While I examine the rest of the log your safe boot needs repairing

Download & run this tool > SafeBootKeyRepair-CF http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair-CF.exe
It shall only take a short moment for it to finish running. A log shall be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply and let me know if you can access Safe Mode now?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #12 on: November 03, 2007, 08:28:37 PM »
To repair taskmanager
Download and then run SuperAntispyware

Start the programme when installed
On the main page select preferences
Next select the repair tab
Left click Repair Task Manager
Left click perform repair

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Unknown virus disables my avast...
« Reply #13 on: November 03, 2007, 08:35:51 PM »
A couple of elements here

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: App Paths - C:\windows\

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis

THEN

Please download the [color="red"]OTMoveIt by OldTimer[/color][/url].
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\windows\system32\second.bat


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
[color="#ff0000"]*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes[/color].
[color="green"]**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")[/color]

Click "Exit" to close OTMoveIt.

NEXT

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

First we must back up the entire registry.To do this

REGISTRY BACKUP

Go START > RUN and type in REGEDIT then press your enter key.
When Regedit is open ensure that 'my computer' is highlighted in the left pane.
Go to FILE and select EXPORT.
Check the 'all' button at the bottom of the screen to backup the entire registry.
You will need to select a location to save the exported registry (it will be saved as a single file) I would suggest the Desktop
Choose the FILE NAME as Oldreg
In the drop down box called SAVE AS TYPE select registration files (*.reg).
Then click SAVE
This will create a file on your desktop called Oldreg.reg 

REGISTRY FIX
Quote
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysban]

Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file.  Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

What was the file name and location for Win32:Delf-FUP

If I could now have an update

higge

  • Guest
Re: Unknown virus disables my avast...
« Reply #14 on: November 03, 2007, 08:36:57 PM »
Safemode is now repaired, I can login with that and even error message "D needs to be checked for NTFS" or something like that is now gone. Here's my text file
Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"