Computer Hope

Software => Computer viruses and spyware => Topic started by: zeroth01 on June 09, 2009, 07:59:15 AM

Title: Problem with Sysvxd.exe and windows firewall
Post by: zeroth01 on June 09, 2009, 07:59:15 AM

Hi Computer Hope,

I have a problem with my PC that I believe is similar to that which Jax_Minnesota describes in the"sysvxd.exe trojan" topic posted on June 08, 2009, 08:11:41 PM

I also use ESET Nod32 for my AV, I run Windows XP SP2 (Version 5.1 (Build 2600.xpsp_sp2_gdr.090206-1233 : Service Pack 2).

Yesterday I started recieving the following error message:
------------
Application popup: 16 bit MS-DOS Subsystem : C:\WINDOWS\Sysvxd.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0e12 IP:06d0 OP:63 6f 6c 6f 72 Choose 'Close' to terminate the application.
------------

The windows firewall kept turning off as well.
I have followed the instructions in the "Read this before requesting malware removal help" topic and running MalwareBytes seemed to fix the issue. However I would very much appreciate it if someone could check my log files below for any remaining problems.

- Stu

------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/09/2009 at 10:16 PM

Application Version : 4.26.1004

Core Rules Database Version : 3930
Trace Rules Database Version: 1873

Scan type       : Complete Scan
Total Scan Time : 01:27:02

Memory items scanned      : 448
Memory threats detected   : 0
Registry items scanned    : 7603
Registry threats detected : 0
File items scanned        : 104265
File threats detected     : 0

------------------------
Malwarebytes' Anti-Malware 1.37
Database version: 2252
Windows 5.1.2600 Service Pack 2

9/06/2009 10:48:40 PM
mbam-log-2009-06-09 (22-48-40).txt

Scan type: Quick Scan
Objects scanned: 77774
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

--------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:36 PM, on 9/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\Program Files\MagicKey\MagicKey.exe
C:\Program Files\MagicKey\OSD.EXE
D:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [trueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-510] C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Versato] "C:\Program Files\MagicKey\MagicRun.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\ASUS\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202015283595
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202015268033
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8016 bytes

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: evilfantasy on June 09, 2009, 08:35:43 AM

Welcome to H2G.

Lets do a double check to make sure everything is gone.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: zeroth01 on June 11, 2009, 04:05:18 AM

Hi evilfantasy,

Thankyou for you very much for your speedy reply and apologies for my slow one.

I started ComboFix and returned to my pc around 5 minutes later It had rebooted and was at the logon screen.  After logging in, an error was displayed stating the "System Has Recovered from a Serious Error" with two buttons "Send Error Report" and "Don't Send". I clicked "Send Error Report" which took me to the following webpage:
http://wer.microsoft.com/responses/Response.aspx/10/en-au/5.1.2600.2.00010300.2.0?SGD=f5d5cec7-bb9d-4460-90c2-adcecde12f3f

Please find the ComboFix log below:

ComboFix 09-06-10.02 - Stuart 11/06/2009 19:40.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.143 [GMT 10:00]
Running from: d:\documents and settings\Stuart\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000012_.tmp.dll

.
(((((((((((((((((((((((((   Files Created from 2009-05-11 to 2009-06-11  )))))))))))))))))))))))))))))))
.

2009-06-09 13:22 . 2009-06-09 13:22   --------   d-----w-   c:\program files\Trend Micro
2009-06-09 13:03 . 2009-06-09 13:02   410984   ----a-w-   c:\windows\system32\deploytk.dll
2009-06-09 12:39 . 2009-06-09 12:39   --------   d-----w-   d:\documents and settings\Stuart\Application Data\Malwarebytes
2009-06-09 12:39 . 2009-05-26 03:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 12:39 . 2009-06-09 12:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 12:39 . 2009-05-26 03:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-09 10:43 . 2009-06-09 10:43   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-09 10:43 . 2009-06-09 10:43   --------   d-----w-   d:\documents and settings\Stuart\Application Data\SUPERAntiSpyware.com
2009-06-09 10:42 . 2009-06-09 10:42   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-05-20 11:51 . 2009-05-20 11:51   --------   d-----w-   c:\documents and settings\All Users\Application Data\Xyris Software
2009-05-20 11:50 . 2009-05-20 11:50   --------   d-----w-   c:\program files\Xyris Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 09:33 . 2008-02-19 11:52   --------   d-----w-   d:\documents and settings\Stuart\Application Data\Skype
2009-06-11 09:32 . 2008-02-19 11:52   --------   d-----w-   d:\documents and settings\Stuart\Application Data\skypePM
2009-06-09 13:05 . 2008-03-08 00:53   --------   d-----w-   c:\program files\Java
2009-05-05 13:01 . 2009-05-05 13:01   971552   ----a-w-   c:\windows\system32\drivers\tdrpm174.sys
2009-05-05 13:01 . 2008-05-08 09:57   540000   ----a-w-   c:\windows\system32\drivers\timntr.sys
2009-05-05 13:01 . 2008-05-08 09:57   44704   ----a-w-   c:\windows\system32\drivers\tifsfilt.sys
2009-05-05 13:01 . 2009-05-05 13:01   134272   ----a-w-   c:\windows\system32\drivers\snman380.sys
2009-05-05 13:00 . 2008-05-08 09:56   --------   d-----w-   c:\program files\Common Files\Acronis
2009-05-05 13:00 . 2009-05-05 13:00   --------   d-----w-   c:\program files\Acronis
2009-04-18 07:35 . 2008-03-04 11:31   --------   d-----w-   d:\documents and settings\Stuart\Application Data\DVD Flick
2009-04-15 13:38 . 2008-03-10 08:36   --------   d-----w-   d:\documents and settings\Stuart\Application Data\uTorrent
2008-03-01 01:08 . 2008-03-01 01:08   56   --sh--r-   c:\windows\system32\857CB29EF8.sys
2008-03-01 01:08 . 2008-03-01 01:08   1890   --sha-w-   c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"Versato"="c:\program files\MagicKey\MagicRun.exe" [2002-02-21 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-20 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-20 4359600]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-20 960560]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-20 377248]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2008-05-18 98304]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-05-09 3084288]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-510"="c:\program files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe" [2007-08-02 1667072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\ASUS\Bluetooth Software\BTTray.exe [2006-9-18 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 02:05   356352   ----a-w-   d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"d:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\UltraVNC\\vncviewer.exe"=
"e:\\DokuWikiStick\\mapache.exe"=
"d:\\Program Files\\UltraVNC\\winvnc.exe"=
"d:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Acronis\\TrueImageEchoWorkstation\\TrueImage.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [5/05/2009 11:01 PM 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [5/05/2009 11:01 PM 971552]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21/12/2007 7:21 AM 33800]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\Kbfilter.sys [26/02/2008 6:07 PM 11886]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21/12/2007 7:21 AM 468224]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [6/09/2008 3:47 PM 6016]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [23/02/2008 1:27 PM 514432]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - d:\program files\ASUS\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: line6.net
FF - ProfilePath - d:\documents and settings\Stuart\Application Data\Mozilla\Firefox\Profiles\yncdugtl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
// Enable pipelining:
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
user_pref(network.http.pipelining.maxrequests,8);
user_pref(nglayout.initialpaint.delay,0);.
.
------- File Associations -------
.
txtfile="d:\program files\PSPad editor\PSPad.exe" "%1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 19:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
d:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-06-11 19:44
ComboFix-quarantined-files.txt  2009-06-11 09:44

Pre-Run: 6,464,466,944 bytes free
Post-Run: 6,443,311,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

164   --- E O F ---   2009-05-13 13:33

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: evilfantasy on June 11, 2009, 10:18:28 AM

Download DDS from |HERE| (http://www.techsupportforum.com/sectools/sUBs/dds) or |HERE| (http://download.bleepingcomputer.com/sUBs/dds.scr) or |HERE| (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: zeroth01 on June 12, 2009, 10:00:02 PM

Here are the DDS logs

--------------------

DDS (Ver_09-05-14.01) - NTFSx86 
Run by Stuart at 13:54:20.34 on Sat 13/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.43 [GMT 10:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\Program Files\MagicKey\MagicKey.exe
C:\Program Files\MagicKey\OSD.EXE
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stuart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Versato] "c:\program files\magickey\MagicRun.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [trueImageMonitor.exe] d:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] d:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [NSLauncher] c:\program files\nokia\nokia software launcher\NSLauncher.exe /startup
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless G DWA-510] c:\program files\d-link\d-link wireless g dwa-510\AirGCFG.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "d:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\asus\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - d:\program files\asus\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\asus\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202015283595
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202015268033
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\stuart\applic~1\mozilla\firefox\profiles\yncdugtl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
// Enable pipelining:
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
user_pref(network.http.pipelining.maxrequests,8);
user_pref(nglayout.initialpaint.delay,0);
============= SERVICES / DRIVERS ===============

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-5-5 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-5-5 971552]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\Kbfilter.sys [2008-2-26 11886]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-9-6 6016]
R3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2008-2-23 514432]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

============== File Associations ===============

txtfile="d:\program files\pspad editor\PSPad.exe" "%1"

=============== Created Last 30 ================

2009-06-11 19:41   288   a-------   c:\windows\system32\temp1600
2009-06-11 19:41   32   a-------   c:\windows\system32\temp1601
2009-06-11 19:40   <DIR>   a-dshr--   C:\cmdcons
2009-06-11 19:38   161,792   a-------   c:\windows\SWREG.exe
2009-06-11 19:38   155,136   a-------   c:\windows\PEV.exe
2009-06-11 19:38   98,816   a-------   c:\windows\sed.exe
2009-06-11 19:38   388,608   a-------   c:\windows\system32\CF2691.exe
2009-06-11 19:38   <DIR>   --ds----   C:\ComboFix
2009-06-09 23:22   <DIR>   --d-----   c:\program files\Trend Micro
2009-06-09 23:03   410,984   a-------   c:\windows\system32\deploytk.dll
2009-06-09 22:39   <DIR>   --d-----   d:\docume~1\stuart\applic~1\Malwarebytes
2009-06-09 22:39   40,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 22:39   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-06-09 22:39   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-09 20:43   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-09 20:43   <DIR>   --d-----   d:\docume~1\stuart\applic~1\SUPERAntiSpyware.com
2009-06-09 20:42   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
2009-05-20 21:51   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Xyris Software
2009-05-20 21:50   <DIR>   --d-----   c:\program files\Xyris Software

==================== Find3M  ====================

2009-05-05 23:01   971,552   a-------   c:\windows\system32\drivers\tdrpm174.sys
2009-05-05 23:01   540,000   a-------   c:\windows\system32\drivers\timntr.sys
2009-05-05 23:01   44,704   a-------   c:\windows\system32\drivers\tifsfilt.sys
2009-05-05 23:01   134,272   a-------   c:\windows\system32\drivers\snman380.sys
2008-02-17 14:41   32   a-------   c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-03-01 11:08   56   ---shr--   c:\windows\system32\857CB29EF8.sys
2008-03-01 11:08   1,890   a--sh---   c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:57:29.51 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/02/2008 1:55:41 PM
System Uptime: 13/06/2009 1:47:06 PM (0 hours ago)

Motherboard: http://www.abit.com.tw/ |  | NF7-S/NF7 (nVidia-nForce2)
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 2079/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 5.976 GiB free.
D: is FIXED (NTFS) - 50 GiB total, 45.176 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 152.049 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_1C02147B&REV_A1\3&13C0B0C5&0&20
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_0066&SUBSYS_1C02147B&REV_A1\3&13C0B0C5&0&20
Service: NVENET

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N81
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N81
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP181: 3/05/2009 11:14:15 PM - Software Distribution Service 3.0
RP182: 5/05/2009 11:00:33 PM - Installed Acronis True Image Home
RP183: 7/05/2009 10:36:30 PM - System Checkpoint
RP184: 12/05/2009 6:57:05 PM - System Checkpoint
RP185: 13/05/2009 11:31:34 PM - Software Distribution Service 3.0
RP186: 18/05/2009 7:33:33 PM - System Checkpoint
RP187: 20/05/2009 9:27:51 PM - System Checkpoint
RP188: 20/05/2009 9:50:33 PM - Installed FoodWorks 2007
RP189: 21/05/2009 10:40:27 PM - System Checkpoint
RP190: 25/05/2009 7:08:14 PM - System Checkpoint
RP191: 28/05/2009 8:03:17 PM - System Checkpoint
RP192: 31/05/2009 12:08:46 PM - System Checkpoint
RP193: 8/06/2009 2:22:03 PM - System Checkpoint
RP194: 9/06/2009 2:53:16 PM - System Checkpoint
RP195: 9/06/2009 8:43:03 PM - Installed SUPERAntiSpyware Free Edition
RP196: 9/06/2009 11:02:46 PM - Installed Java(TM) 6 Update 14
RP197: 11/06/2009 7:38:56 PM - ComboFix created restore point

==== Installed Programs ======================


µTorrent
7-Zip 4.57
Acronis True Image Echo Workstation
Acronis True Image Home
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ANIO Service
ANIWZCS2 Service
ASUS Bluetooth Software
Audacity 1.2.6
AutoUpdate
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
Canon ZoomBrowser EX
CCleaner (remove only)
Chinese Traditional Fonts Support For Adobe Reader 8
Critical Update for Windows Media Player 11 (KB959772)
D-Link Wireless G DWA-510
DivX Player
DVD Flick
DVD Shrink 3.2
e-tax 2008
ESET NOD32 Antivirus
FileZilla Client 3.0.8.1
FoodWorks 2007
Google Earth
GSpot Codec Information Appliance
HijackThis 2.0.2
Home Media Server 4.1.4.0067
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Huffyuv AVI lossless video codec (Remove Only)
Image Resizer Powertoy for Windows XP
Java(TM) 6 Update 14
K-Lite Codec Pack 4.1.6 (Full)
LimeWire 4.16.7
Line 6 Uninstaller
Magic Keyboard
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft XML Parser
MovieEdit Task
MozBackup 1.4.7
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero 8
neroxml
Network Stumbler 0.4.0 (remove only)
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia NSeries Application Installer
Nokia NSeries Content Copier
Nokia NSeries Multimedia Player
Nokia NSeries Music Manager
Nokia NSeries One Touch Access
Nokia NSeries System Utilities
Nokia Software Launcher
Nokia Software Updater
NvMixer
PC Connectivity Solution
PhotoStitch
PowerDVD
PSPad editor
QuickTime
RAW Image Task 2.0
RemoteCapture Task 1.1
RiffWorks Line 6 Edition
Royale Remixed Theme
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 3.6
SUPERAntiSpyware Free Edition
TrueCrypt
Ulead VideoStudio 8.0
UltraVNC v1.0.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
WebFldrs XP
Winamp
Winamp Remote
WinDirStat 1.1.2
Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinFast(R) Display Driver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/06/2009 10:53:04 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atapi PCIIde
8/06/2009 1:52:41 PM, error: Service Control Manager [7034]  - The ANIWZCSd Service service terminated unexpectedly.  It has done this 1 time(s).
11/06/2009 9:29:12 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll. Reference error message: The operation completed successfully. .
11/06/2009 9:29:12 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll. Reference error message: The operation completed successfully. .
11/06/2009 9:29:12 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll" on line 9.
11/06/2009 9:29:12 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\msa.dll" on line 9.
11/06/2009 7:46:52 PM, error: System Error [1003]  - Error code 00000093, parameter1 00000180, parameter2 00000000, parameter3 00000000, parameter4 00000000.
11/06/2009 7:40:43 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

==== End Of File ===========================

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: evilfantasy on June 12, 2009, 10:20:40 PM

.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

Download

ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your Desktop.

Alternate download link (http://majorgeeks.com/ATF_Cleaner_d4949.html)

Note: Vista users must use Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm)

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

.
Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Download OTC by OldTimer (http://oldtimer.geekstogo.com/OTC) and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

Important: Restart the computer before continuing.

----------

How is the computer running now?

.

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: zeroth01 on June 13, 2009, 02:10:24 AM

Hi evilfantasy,

My computer seems to be running well. Does this mean it is free of malware?

When running ATF cleaner the Firefox button was greyed out, however I do use firefox as my web browser. Also the link to OTC by oldtimer was broken but I was able to find the program by searching the geeks to go website.

Thankyou very much for helping me with my computer troubles, you and the rest of the team at Computer Hope are doing a fantastic job!

- Stu

Title: Re: Problem with Sysvxd.exe and windows firewall
Post by: evilfantasy on June 13, 2009, 10:56:46 AM

Sounds good.

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.