Old 01-23-2008, 07:08 AM   #21 (permalink)
SCC
Bronze Member
 
Join Date: Oct 2007
Posts: 54
Default

Hey, I haven't done with your SDFix yet. But now, another problem arises. I tried out the Spybot S&D first, like the one you recommended before, to test out its detection capability.

It doesn't prove much use, anyway, but after the scan, a problem occurs on my PC. I can't open any program now. .exe files or any other Windows utility cannot be opened. An error message appears when I open them.

'This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.'

I don't know how to deal with this... I can't restore my Windows using System Restore, nor repair my Windows XP, and can't even Run... any command that uses .exe files, like chkdsk & regedit. Sorry for troubling you, but do you have any idea?
SCC is offline   Reply With Quote


Old 01-23-2008, 08:09 AM   #22 (permalink)
New Member
 
Join Date: Jan 2008
Posts: 8
Default

SCAN WINDOWS USING MCAFEE SDAT FILE
For More Information visit this URL

http://itinfo4u.blogspot.com/2007_10_01_archive.html
y2k_itman is offline   Reply With Quote
Old 01-23-2008, 09:34 AM   #23 (permalink)
SCC
Bronze Member
 
Join Date: Oct 2007
Posts: 54
Default

Hmm... Thanks for your advice, y2k_itman. ^^ But I can't run anything from my PC now. Everything shows this message: 'This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.' So, fixing this is the priority.
SCC is offline   Reply With Quote
Old 01-23-2008, 03:12 PM   #24 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,854
Default

This is nice!
Finally we found out what the problem is...
Please visit and read this site, as people have the same problems there. There are even methods to work around it.
OK, it says this.
Quote:
Method 1
Start MSN Explorer, and then type the Web address of the Web site that you want to browse to in the Address bar.

Method 2
Turn on access to Internet Explorer from the Start menu and desktop, and then use the Run command to browse to the Web site that you want. To do this, follow these steps:
1. Click Start, and then click Control Panel.
2. Double-click Add or Remove Programs, and then click Add/Remove Windows Components.
3. In the Components list, click to select the Internet Explorer check box, and then click Next.
4. Click Finish.
5. Click Start, and then click Run.
6. In the Open box, type the Web address of the Web site that you want to browse to, and then click OK.
Hope it helps!
__________________
dznutz:
Quote:
A firewall is like a gate. It keeps the bad people out and the dog in, but it's not foolproof. But let's say you download and run an infected program. That will be like letting in a "friend." If it's infected and you run that program, you can get malware. That's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Old 01-23-2008, 03:49 PM   #25 (permalink)
Diamond Member
 
StrangleHold's Avatar
 
Join Date: Nov 2005
Location: In a realm of unknown Wonders
Posts: 6,837
Default

Quote:
Originally Posted by SCC View Post
Hey, I haven't done with your SDFix yet. But now, another problem arises. I tried out the Spybot S&D first, like the one you recommended before, to test out its detection capability.

It doesn't prove much use, anyway, but after the scan, a problem occurs on my PC. I can't open any program now. .exe files or any other Windows utility cannot be opened. An error message appears when I open them.

'This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.'

I don't know how to deal with this... I can't restore my Windows using System Restore, nor repair my Windows XP, and can't even Run... any command that uses .exe files, like chkdsk & regedit. Sorry for troubling you, but do you have any idea?

You have been dealing with this for 5 days now; I bet a clean install of XP would have been a little quicker. Do a clean install, update Windows, update all your drivers, and install a good antivirus and antispyware program. Run it for a while and see if the problem pops up again. If not, start installing your programs one at a time, and if ZoneAlarm causes you problems, don't install it again.
__________________
NZXT Apollo
Athlon 64 X2 5600+
Gigabyte GA MA770 DS3
G Skill DDR2 800 2gb
PNY 8800GT
Spinpoint F1 500gb.

Too bad stupidity isn't painful.
StrangleHold is online now   Reply With Quote


Old 01-23-2008, 05:20 PM   #26 (permalink)
SCC
Bronze Member
 
Join Date: Oct 2007
Posts: 54
Default

Hmm... Actually, it should be solved by today, if the SDFix works and this problem doesn't appear. And by the way, I want to know how to deal with such a non-obvious and serious problem, which appears to be a powerful trojan at last. And most important, I want to know how to detect the cause of hanging and high CPU usage. So, I hope that you guys can help me out.

And about GameMaster's solution... I'm not having that problem. I'm not accessing websites using 'Run...'. I just simply can't open any programs. I believe that it's because of the lost file association of Windows with .exe files. So, I can't even open Control Panel's utilities, except for a few, like Folder Options. However, I can't save settings either.
SCC is offline   Reply With Quote
Old 01-23-2008, 08:09 PM   #27 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,854
Default

Uh... I don't know, how are you going to run any antivirus software if your computer does that? Now I'm afraid I completely agree you need to quickly reinstall your Windows. Then you will probably be able to enter all the programs and all, and then we will get back to cleaning the viruses that did this, OK?
GameMaster is offline   Reply With Quote
Old 01-24-2008, 02:49 AM   #28 (permalink)
SCC
Bronze Member
 
Join Date: Oct 2007
Posts: 54
Default

Hmm... That's the point. If I'm reinstalling Windows, there's no need to deal with the virus anymore. The virus will be erased together when reinstalling Windows. So, you have no more ideas?
SCC is offline   Reply With Quote
Old 01-24-2008, 06:10 PM   #29 (permalink)
SCC
Bronze Member
 
Join Date: Oct 2007
Posts: 54
Default

SDFix: Version 1.130


Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 01:03:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 5


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"="C:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe:*:Enabled:Virtual PC 2007"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"="C:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 16 Jan 2008 24,576 ...H. --- "C:\Documents and Settings\SCC\Desktop\~WRL0004.tmp"
Wed 16 Jan 2008 28,160 ...H. --- "C:\Documents and Settings\SCC\Desktop\~WRL0264.tmp"
Wed 16 Jan 2008 30,720 ...H. --- "C:\Documents and Settings\SCC\Desktop\~WRL0720.tmp"
Wed 16 Jan 2008 30,720 ...H. --- "C:\Documents and Settings\SCC\Desktop\~WRL1479.tmp"
Sat 12 Jan 2008 165,232 A..H. --- "C:\Documents and Settings\SCC\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:01 AM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1200363860134
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD392D8-FA1A-4B43-9CE3-CFC26AB49AA2}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 7158 bytes
SCC is offline   Reply With Quote
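
A first-pass way to read a HijackThis log like the one posted above, as an added example that is not part of the original thread and not code from HijackThis or SDFix: it groups result lines by section code and lists entries worth a manual look. The sample lines are copied from the log above; the function names and the review rules are assumptions of this example, and a listed entry is a prompt to check, not a verdict.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFD392D8-FA1A-4B43-9CE3-CFC26AB49AA2}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # e.g. "O4 - HKLM\..\Run: ..."
RUN_CMD = re.compile(r"Run: \[[^\]]*\] (.*)$")    # command after the value name

def parse(log_text):
    """Group HijackThis result lines by section code (R1, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_notes(sections):
    """Return (code, reason, entry) tuples that deserve a manual check."""
    notes = []
    for code, entries in sections.items():
        for e in entries:
            if e.endswith("(no file)") or e.endswith("(file missing)"):
                notes.append((code, "orphaned: target file is gone", e))
            elif code == "O4":
                m = RUN_CMD.search(e)
                cmd = m.group(1).strip('"') if m else ""
                if m and "\\" not in cmd.split(" ")[0]:
                    notes.append((code, "autostart without a full path", e))
            elif code == "O17":
                notes.append((code, "DNS set in registry: confirm the servers", e))
            elif code == "O23" and "Unknown owner" in e:
                notes.append((code, "service binary carries no vendor info", e))
            elif code in ("R0", "R1") and "http" in e.split("=", 1)[-1]:
                notes.append((code, "URL in a browser setting: confirm you set it", e))
    return notes

if __name__ == "__main__":
    for code, reason, entry in review_notes(parse(SAMPLE_LOG)):
        print(f"{code:4} {reason}\n     {entry}")
```
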
Old 01-24-2008, 06:14 PM   #30 (permalink)
SCC
Bronze Member
 
Join Date: Oct 2007
Posts: 54
Default

Finally, found a nice article to fix the lost .exe file association from here. http://filext.com/faq/broken_exe_association.php

Anyway, your SDFix doesn't seem able to find any trojan. Actually, what makes your SDFix special? Does it match the commercial anti-spyware programs, like Spyware Doctor?
SCC is offline   Reply With Quote