Here's my HJ Scan [RESOLVED]



#1 Popadija58 (Member, 41 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:52 AM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Program Files\Quark\QuarkXPress 7.0\QuarkXPress Passport.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Shortcut to Symantec AntiVirus Client.lnk = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.exe (User 'Default user')
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: YU-MP3.COM Account Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &YU-MP3.COM User Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.n...stBGMPlayer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://news.beograd....sCamControl.ocx
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{B418FCEC-0E90-4825-ADAE-A5B227A6CC52}: NameServer = 85.255.114.101,85.255.112.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9022 bytes
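The one entry in the log above that a malware-removal helper would go straight to is the O17 line: its NameServer value points at 85.255.114.101 and 85.255.112.62, both inside 85.255.112.0/20, a range used by the DNSChanger (Rove Digital) rogue-resolver operation whose address blocks were later seized in Operation Ghost Click. A machine whose interface-level DNS servers sit in such a range will have every lookup answered by the attacker, regardless of what the antivirus finds on disk. The script below is an added triage helper, not part of the original thread or of HijackThis itself: it parses HijackThis-style entry lines, checks every O17 NameServer IP against the known rogue ranges, and lists a few weaker signals (an O23 service with an unknown owner, an O9 button whose target file is missing, the configured R0 start page) that deserve a manual look. The sample input is copied from the log above, plus one constructed O17 line with a placeholder interface GUID pointing at an ordinary public resolver so the negative case is visible.

```python
"""Added triage helper for HijackThis-style logs (not part of the original thread).

It groups the 'Rn - ' / 'On - ' entry lines by type, pulls the IPs out of O17
NameServer entries and checks them against the rogue DNS ranges used by the
DNSChanger / Rove Digital botnet (the blocks seized in Operation Ghost Click,
2011). It also lists weak signals that a removal helper would eyeball: services
with an unknown owner, IE buttons whose target file is missing, and the
configured start page."""
import ipaddress
import re

# Rogue resolver ranges operated by DNSChanger / Rove Digital (Operation Ghost Click).
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

ENTRY_RE = re.compile(r"^([RFO]\d+) - ")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,\s]+)$")


def parse_hjt(text):
    """Group HijackThis entry lines by their type tag, e.g. {'O17': [...], 'O23': [...]}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m.group(1), []).append(line)
    return entries


def rogue_nameservers(entries):
    """(ip, range) pairs for every O17 NameServer IP that falls inside a known rogue range."""
    hits = []
    for line in entries.get("O17", []):
        m = NAMESERVER_RE.search(line)
        if not m:
            continue
        for raw in m.group("servers").split(","):
            try:
                ip = ipaddress.ip_address(raw.strip())
            except ValueError:
                continue  # junk token; leave it for the human reviewer
            for net in ROGUE_DNS_RANGES:
                if ip in net:
                    hits.append((str(ip), str(net)))
                    break
    return hits


def weak_signals(entries):
    """Entries that are not proof of infection on their own but deserve a manual look."""
    flagged = []
    for line in entries.get("O23", []):
        if "Unknown owner" in line:
            flagged.append(("O23 service with unknown owner", line))
    for line in entries.get("O9", []):
        if "(file missing)" in line:
            flagged.append(("O9 button/menu item whose file is gone", line))
    for line in entries.get("R0", []):
        if "Start Page" in line:
            flagged.append(("R0 configured start page", line))
    return flagged


def triage(text):
    """Run both checks over a whole log and return the findings."""
    entries = parse_hjt(text)
    return {"rogue_dns": rogue_nameservers(entries), "review": weak_signals(entries)}


# Sample input: entry lines copied from the log posted above, plus one constructed
# O17 line (placeholder all-zero interface GUID) pointing at an ordinary public
# resolver to show the negative case.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
O9 - Extra button: YU-MP3.COM Account Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B418FCEC-0E90-4825-ADAE-A5B227A6CC52}: NameServer = 85.255.114.101,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 8.8.8.8
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, net in result["rogue_dns"]:
        print(f"ROGUE DNS  {ip} is inside {net}")
    for reason, line in result["review"]:
        print(f"REVIEW     {reason}: {line}")
```

The range check is the only hard finding the script makes; the weak signals are listed so that a reviewer sees them next to it, because on its own an unsigned service or a stale toolbar button is common on a clean machine. Note that a rogue-DNS hit is interface-specific: the O17 line carries the adapter GUID, so the same check should be run against every O17 line in the log, not only the first.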

#2 eddie5659 (Trusted Helper, Malware Removal, MVP, 1,980 posts)
Hello Popadija58 :)


Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

This will likely be a multi-step process to remove the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Download and install CleanUp!

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Perform the following steps in safe mode:

Run the CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Close the Shredder.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click Yes.

Restart the computer in Normal Mode.

Please download Spybot Search & Destroy and AdAware.

Follow all the instructions on this website to run a scan with both of these programs.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report as well as a fresh Hijackthis log.

Regards

eddie

#3 Popadija58 (Topic Starter, Member, 41 posts)
Hi Eddie,

Thanks for trying to help. I cannot perform the task in SAFE MODE because my computer then comes up with a blue screen and the message: "A problem has been detected and Windows has been shut down to prevent damage to your computer".
At the end of the message it has ***STOP: 0x0000007B, 0xF789E524, 0x0000034, 0x00000000, 0x00000000.

I have no idea how to fix this. I tried a few times to start in SAFE MODE and it always comes up with the same.

Please explain whether I can do your steps in normal mode or something else.

Thanks once more,

Popadija58

#4 Popadija58 (Topic Starter, Member, 41 posts)
Eddie,

Even though I couldn't do exactly what you mentioned, I did the scan without using SAFE MODE, and here's my report:

1. Ad-Aware scan:

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, April 15, 2008 7:02:36 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R169 07.05.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):16 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-15-2008 7:02:36 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 588
ThreadCreationTime : 4-15-2008 4:28:39 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 4-15-2008 4:28:40 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 4-15-2008 4:28:41 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 4-15-2008 4:28:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 724
ThreadCreationTime : 4-15-2008 4:28:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 4-15-2008 4:28:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 4-15-2008 4:28:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 4-15-2008 4:28:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1072
ThreadCreationTime : 4-15-2008 4:28:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1108
ThreadCreationTime : 4-15-2008 4:28:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1160
ThreadCreationTime : 4-15-2008 4:28:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aspnet_admin.exe]
FilePath : C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\
ProcessID : 1476
ThreadCreationTime : 4-15-2008 4:28:48 AM
BasePriority : Normal
FileVersion : 2.0.40607.16 (beta1.040607-1600)
ProductVersion : 2.0.40607.16
ProductName : Microsoft® .NET Framework
CompanyName : Microsoft Corporation
FileDescription : Microsoft ASP.NET Admin Service
InternalName : aspnet_admin.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : aspnet_admin.exe
Comments : Flavor=Retail

#:13 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 1492
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 1,0,3,1
ProductVersion : 1,0,3,1
ProductName : Bonjour
CompanyName : Apple Computer, Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright © 2003-2006 Apple Computer, Inc.
OriginalFilename : mDNSResponder.exe

#:14 [ekrn.exe]
FilePath : C:\Program Files\ESET\ESET Smart Security\
ProcessID : 1532
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 3.0.650
ProductVersion : 3.0.650
ProductName : ESET Smart Security
CompanyName : ESET
FileDescription : Eset Service
InternalName : ekrn.exe
LegalCopyright : Copyright © Eset 1992-2008. All rights reserved.
LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of ESET.
OriginalFilename : ekrn.exe

#:15 [googleupdaterservice.exe]
FilePath : C:\Program Files\Google\Common\Google Updater\
ProcessID : 1620
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 2.2.824.5515.beta
ProductVersion : 2.2.824.5515.beta
ProductName : Google Updater
CompanyName : Google
FileDescription : gusvc
InternalName : gusvc
LegalCopyright : ©2005-2006 Google. All Rights Reserved.
OriginalFilename : GoogleUpdaterService.exe
Comments : Google Updater

#:16 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1656
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 6.14.10.6176
ProductVersion : 6.14.10.6176
ProductName : NVIDIA Driver Helper Service, Version 61.76
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.76
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:17 [scsiaccess.exe]
FilePath : C:\Program Files\Photodex\ProShowGold\
ProcessID : 1684
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal


#:18 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1780
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1856
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 1912
ThreadCreationTime : 4-15-2008 4:28:49 AM
BasePriority : Normal
FileVersion : 3,2,3,2132
ProductVersion : 3, 2
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Engine
LegalCopyright : Copyright © 2002 - 2006, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:21 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 640
ThreadCreationTime : 4-15-2008 4:29:01 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 500
ThreadCreationTime : 4-15-2008 4:30:08 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [egui.exe]
FilePath : C:\Program Files\ESET\ESET Smart Security\
ProcessID : 1092
ThreadCreationTime : 4-15-2008 4:30:09 AM
BasePriority : Normal
FileVersion : 3.0.650
ProductVersion : 3.0.650
ProductName : ESET Smart Security
CompanyName : ESET
FileDescription : Eset GUI
InternalName : egui.exe
LegalCopyright : Copyright © Eset 1992-2008. All rights reserved.
LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of ESET.
OriginalFilename : egui.exe

#:24 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1256
ThreadCreationTime : 4-15-2008 4:30:09 AM
BasePriority : Normal
FileVersion : 0.1.0.4279
ProductVersion : 0.1.0.4279
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2007
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:25 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1296
ThreadCreationTime : 4-15-2008 4:30:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:26 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
ProcessID : 1320
ThreadCreationTime : 4-15-2008 4:30:10 AM
BasePriority : Normal
FileVersion : 2, 0, 301, 1654
ProductVersion : 2, 0, 301, 1654
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2007
OriginalFilename : GoogleToolbarNotifier.exe

#:27 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2076
ThreadCreationTime : 4-15-2008 4:30:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:28 [quarkxpress passport.exe]
FilePath : C:\Program Files\Quark\QuarkXPress 7.0\
ProcessID : 2780
ThreadCreationTime : 4-15-2008 4:36:40 AM
BasePriority : Normal
FileVersion : 7.0r0
ProductVersion : 7.0r0
ProductName : QuarkXPress Passport 7.0r0
CompanyName : Quark, Inc.
FileDescription : QuarkXPress Passport 7.0r0
InternalName : PASSPORT
LegalCopyright : Copyright © 1986-2006 Quark Technology Partnership. All rights reserved.
LegalTrademarks : Quark and QuarkXPress are trademarks of Quark, Inc., Reg. U.S. Pat. & Tm. Off. QuarkXPress Passport is a trademark of Quark, Inc.
OriginalFilename : QuarkXPress Passport.exe

#:29 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3376
ThreadCreationTime : 4-15-2008 4:42:45 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:30 [photoshop.exe]
FilePath : C:\Program Files\Adobe\Photoshop CS\
ProcessID : 1080
ThreadCreationTime : 4-15-2008 4:55:00 AM
BasePriority : Normal
FileVersion : 8.0 (8.0x118)
ProductVersion : CS
ProductName : Adobe Photoshop CS
CompanyName : Adobe Systems, Incorporated
FileDescription : Adobe Photoshop CS
InternalName : Photoshop
LegalCopyright : Copyright 2003 Adobe Systems Inc.
OriginalFilename : Photoshop.exe

#:31 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2456
ThreadCreationTime : 4-15-2008 5:02:08 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (http://listen.daum.n...stbgmplayer.cab)

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
74 entries scanned.
New critical objects:0
Objects found so far: 0



MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\adobe\adobe acrobat\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe acrobat


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-1275210071-725345543-500\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16

7:04:09 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:32.672
Objects scanned:132100
Objects identified:0
Objects ignored:0
New critical objects:0


2. PANDA scan:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-04-15 08:32:43
PROTECTIONS: 2
MALWARE: 15
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
Trend Micro Internet Security 14.00 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00034347 dialer.su Dialers No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\switch
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\IMPORTANT\SmitfraudFix\SmitfraudFix\Process.exe
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\idesk.conf
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\dating.bmp
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\pharmacy.bmp
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\spyware.bmp
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\xxx.bmp
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\insurance.bmp
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\gambling.bmp
00227735 adware/ideskbar Adware No 0 Yes No c:\windows\system32\close.bmp
00253851 adware/winprotect Adware No 0 Yes No c:\windows\help\spalert.chm
00399368 Generic Adware Spyware No 0 No No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP74\A0030488.exe[AutoPlay/Docs/AceHTML Pro 6.50.2.rar][AceHTML Pro 6.50.2\acehtml6pro.exe][²èÇ]
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\IMPORTANT\SmitfraudFix\SmitfraudFix\restart.exe
01048427 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Quark\QuarkXPress 6.0\Patch1.exe
01049070 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Quark\QuarkXPress 6.0\Patch2.exe
01166329 Hacktool/MailBomber.F HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Rade\PROGRAMI\AIO PHOTOSHOP PLUGINS\photoshop plugs\Panopticum Fire\PanFire2Psd.exe
01650961 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Administrator\Desktop\Rade\PROGRAMI\ZLATNI PROGRAMI\SmitfraudFix.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Administrator\Desktop\IMPORTANT\SmitfraudFix\SmitfraudFix\Reboot.exe
02543879 Application/RealSpy HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Rade\PROGRAMI\NewSpy\NewSpy.exe
02573907 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP88\A0042184.exe
02878252 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\Administrator\Desktop\Rade\PROGRAMI\programcici\PROGRAMS\BlazeVideo_HDTV_Player_v2[1].1\BlazeVideo HDTV Player v2.1\Keygen\blazehdtvkeygen.exe
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023909.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023910.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023930.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023931.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023953.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023954.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0024967.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0024968.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP64\A0024980.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP64\A0024981.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP64\A0024990.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP64\A0024991.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP64\A0025011.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP64\A0025012.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0025156.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0025157.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0025197.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0025198.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0026202.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0026203.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0026216.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0026217.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0026254.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP65\A0026255.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026284.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026285.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026295.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026296.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026318.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026319.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026358.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026359.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026402.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023891.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027412.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027413.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027457.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027458.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027471.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027472.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027480.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027481.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027505.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027506.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027531.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027532.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027557.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0027558.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP67\A0027578.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP67\A0027579.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP67\A0027599.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP67\A0027600.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP68\A0027639.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP68\A0027640.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP68\A0028655.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP68\A0028656.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP68\A0029023.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP68\A0029024.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP69\A0029053.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP69\A0029054.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP69\A0029075.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP69\A0029076.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029088.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029089.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029106.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029107.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029144.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029145.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029154.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP70\A0029155.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP71\A0029209.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP71\A0029210.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP71\A0030220.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP71\A0030221.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030275.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030276.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030282.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030283.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030352.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030353.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030381.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030382.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030389.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030390.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030413.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP73\A0030414.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP63\A0023892.ver
02897167 Exploit/iFrame HackTools No 0 Yes No C:\System Volume Information\_restore{60741487-30F0-440A-9491-14B2DD9A8B31}\RP66\A0026403.ver
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
  • 0

#5
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Thanks for the logs, but can you post a fresh HijackThis log as well :)

At work at the moment but will check these when I get home :)

eddie
  • 0

#6
Popadija58

    Member

  • Topic Starter
  • Member
  • 41 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:35 AM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Quark\QuarkXPress 7.0\QuarkXPress Passport.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Shortcut to Symantec AntiVirus Client.lnk = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.exe (User 'Default user')
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: YU-MP3.COM Account Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &YU-MP3.COM User Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.n...stBGMPlayer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://news.beograd....sCamControl.ocx
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{B418FCEC-0E90-4825-ADAE-A5B227A6CC52}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8887 bytes
  • 0

#7
eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Well, it looks like your computer has some malware on its system, so let's work through some things to clean it up for you.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

eddie
  • 0

#8
Popadija58

    Member

  • Topic Starter
  • Member
  • 41 posts
Eddie,

Here are your requirements. Thanks.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-17 09:08:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
31: 2008-04-17 07:08:23 UTC - RP93 - Deckard's System Scanner Restore Point
30: 2008-04-16 05:03:43 UTC - RP92 - System Checkpoint
29: 2008-04-14 10:22:22 UTC - RP91 - System Checkpoint
28: 2008-04-11 05:08:38 UTC - RP90 - System Checkpoint
27: 2008-04-09 06:09:35 UTC - RP89 - System Checkpoint


-- First Restore Point --
1: 2008-01-15 06:53:23 UTC - RP63 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:50 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsmondo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Shortcut to Symantec AntiVirus Client.lnk = C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.exe (User 'Default user')
O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: YU-MP3.COM Account Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O9 - Extra 'Tools' menuitem: &YU-MP3.COM User Login - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.n...stBGMPlayer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://news.beograd....sCamControl.ocx
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O17 - HKLM\System\CCS\Services\Tcpip\..\{B418FCEC-0E90-4825-ADAE-A5B227A6CC52}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8997 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - c:\windows\system32\drivers\ssfs0509.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - c:\windows\system32\drivers\sshrmd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R0 SSIDRV (Spy Sweeper Interdiction Driver) - c:\windows\system32\drivers\ssidrv.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aspnet_admin (ASP.NET Admin Service) - c:\windows\microsoft.net\framework\v2.0.40607\aspnet_admin.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\3&61AAA01&0&58
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\3&61AAA01&0&58
Service:

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&371082C9&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\4&371082C9&0&0
Service: flpydisk


-- Scheduled Tasks -------------------------------------------------------------

2008-04-17 09:03:29 364 --a------ C:\WINDOWS\Tasks\XoftSpy.job
2007-04-19 13:56:47 406 -----n--- C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-02-22 13:39:44 420 -----n--- C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-15 13:51:35 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-14 13:20:12 0 d-------- C:\Program Files\Panda Security
2008-04-03 12:40:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\PerfectClock2007
2008-04-03 12:39:08 0 d-------- C:\Documents and Settings\All Users\Application Data\PerfectClock2007
2008-04-01 12:10:32 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-01 12:10:32 47360 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-01 12:10:27 0 d-------- C:\Program Files\QRPhotoDVDSlideshow
2008-03-19 09:32:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\MAGIX
2008-03-19 09:32:28 0 d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-03-19 09:32:03 0 d-------- C:\Program Files\Common Files\MAGIX
2008-03-19 09:31:50 120200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2008-03-19 09:31:50 0 d-------- C:\Program Files\MAGIX
2008-03-17 12:30:31 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-03-17 12:30:28 0 d-------- C:\Program Files\Winamp Remote


-- Find3M Report ---------------------------------------------------------------

2008-04-17 06:46:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-15 07:01:27 0 d-------- C:\Program Files\ErrorSmart
2008-04-11 05:46:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\ErrorSmart
2008-04-08 13:37:46 0 d-------- C:\Program Files\Trend Micro
2008-04-04 12:49:16 0 d-------- C:\Program Files\WMR11
2008-04-04 12:34:40 0 d-------- C:\Program Files\GrabJPG
2008-04-04 08:04:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Canon
2008-04-03 12:47:09 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-04-03 12:47:06 0 d-------- C:\Program Files\AVSMedia
2008-04-03 12:37:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-03 12:36:40 0 d-------- C:\Program Files\Winamp
2008-04-01 13:54:24 0 d-------- C:\Program Files\FastStone Capture
2008-04-01 12:10:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Vso
2008-04-01 12:10:40 34 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.log
2008-04-01 12:10:32 1144 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
2008-04-01 12:10:32 7887 --a------ C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
2008-03-20 14:09:19 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2008-03-20 09:05:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-19 09:32:03 0 d-------- C:\Program Files\Common Files
2008-03-04 14:04:43 452 --ah----- C:\WINDOWS\Fix.reg
2008-02-27 09:47:46 0 d-------- C:\Program Files\Aurora Media Workshop
2008-02-27 09:38:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-02-26 12:03:15 0 d-------- C:\Program Files\AquaSoft
2008-02-26 11:18:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\AquaSoft
2008-02-22 13:27:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Snappy Fax
2008-02-22 13:23:48 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-22 13:23:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-02-22 09:15:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-02-21 13:57:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-02-18 13:56:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Enfocus Prefs Folder


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [12/31/2002 02:00 PM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [07/12/2004 10:50 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [12/31/2002 02:00 PM C:\WINDOWS\system32\rundll32.exe]
"NVRTCLK"="C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [12/30/2003 11:44 AM]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/11/2008 08:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 02:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/16/2007 09:17 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoSharedDocuments"=00000000
"NoSMMyDocs"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoFind"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"MaxRecentDocs"=11 (0xb)
"NoStartMenuMFUprogramsList"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="csixg.exe"

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio]
C:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
"C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snappy Fax]
C:\Program Files\Snappy Fax Version 4\sf4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snappy Fax Printer Agent]
"C:\Program Files\Snappy Fax Version 4\sfpagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snappy Fax Printer virtual printer agent]
"C:\Program Files\Snappy Fax Version 4\sfpagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cdc285f-51f8-11dc-ade8-0014851c8aca}]
AutoRun\command- F:\USBNB.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{162ACFDB-58AE-80F1-0708-000707050608}]
C:\WINDOWS\windowssys.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost #***Inserted By STOPzilla***
127.0.0.1 600pics.com # ***Inserted By STOPzilla***
127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
127.0.0.1 best4all.net # ***Inserted By STOPzilla***
127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
127.0.0.1 flavinha.com # ***Inserted By STOPzilla***

64 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-17 09:10:16 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2047.48 MiB / 1640.45 MiB
Pagefile Memory (total/avail): 3433.82 MiB / 3201.31 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.08 MiB

C: is Fixed (NTFS) - 279.45 GiB total, 233.59 GiB free.
D: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST3300831A - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.45 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AV: Trend Micro Internet Security v14.00 (Trend Micro Inc,) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP 7 Professional\\ftpte.exe:*:Enabled:FTP Transfer Engine"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BERAK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\BERAK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\STOPzilla!;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=BERAK
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro 2 --> MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Lightroom --> MsiExec.exe /I{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Album Creator --> C:\Program Files\FirmTools\Album Creator\uninstall.exe
Alien Skin Eye Candy 5 Nature --> C:\PROGRA~1\Adobe\PHOTOS~1\Plug-Ins\ALIENS~1\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1\Plug-Ins\ALIENS~1\EYECAN~1\INSTALL.LOG
Alien Skin Eye Candy 5 Textures --> C:\PROGRA~1\Adobe\PHOTOS~1\Plug-Ins\ALIENS~1\EYECAN~2\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1\Plug-Ins\ALIENS~1\EYECAN~2\INSTALL.LOG
AquaSoft PhotoFlash 2 --> "C:\Documents and Settings\All Users\Application Data\{A9FAC99B-B4B6-4729-BB02-CB057415EA0E}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
AquaSoft PhotoFlash 2 --> C:\Documents and Settings\All Users\Application Data\{A9FAC99B-B4B6-4729-BB02-CB057415EA0E}\Setup.exe
AquaSoft PhotoKalender 2 --> "C:\Documents and Settings\All Users\Application Data\{65084B98-987D-44AB-B6F9-8D5816F53B2E}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
AquaSoft PhotoKalender 2 --> C:\Documents and Settings\All Users\Application Data\{65084B98-987D-44AB-B6F9-8D5816F53B2E}\Setup.exe
ARTS PDF Crackerjack 5.1.2 --> C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\plug_ins\ARTSPD~1\UNWISE.EXE C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\plug_ins\ARTSPD~1\INSTALL.LOG
Aspi setup --> "C:\Program Files\Aurora Media Workshop\unins001.exe"
Aurora Media Workshop 3.3.52 --> "C:\Program Files\Aurora Media Workshop\unins000.exe"
AV Bros. Page Curl Pro 2.1 (Remove Only) --> C:\Program Files\Adobe\Photoshop CS\Plug-Ins\AV Bros Page Curl Pro 2.1\AVUninstall2.exe
AVS DVD Player version 2.3 --> "C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
Brother HL-5240 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C7B2337-71A1-485F-8668-2D321D56D727}\SETUP.exe" -l0x9 -removeonly /uninst
Canon CanoScan Toolbox 4.8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}\setup.exe" -l0x9 anything
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
CuteFTP 7 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}\Setup.exe" -l0x9
ErrorSmart --> MsiExec.exe /X{66268879-215C-4D5B-B197-1D9868339BAD}
Eset-NOD32: Fix Dasumo v3 until 2029 --> C:\Program Files\ESET\uninstall.exe
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Extensis Mask Pro 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Extensis\Mask Pro 2.0\Uninst.isu"
Extensis PhotoFrame 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA53DF31-06F5-11D7-B1E5-0050DA6C326B}\Setup.exe" -l0x9 -uninst
FastStone Capture 4.5 --> C:\Program Files\FastStone Capture\uninst.exe
FastStone Image Viewer 3.2 --> C:\Program Files\FastStone Image Viewer\uninst.exe
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Flash Slideshow Maker 2.32 --> C:\Program Files\AnvSoft\Flash Slide Show Maker\uninst.exe
FLV Player --> C:\Program Files\FLV Player\uninstall.exe
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Kodak DIGITAL GEM Airbrush Professional Plug-In --> MsiExec.exe /I{AD871377-A1A3-4D7B-AA5E-EB163E1202C6}
Kodak DIGITAL ROC Professional Plug-In --> MsiExec.exe /I{47786DE3-7FCA-4F5D-B3D5-D15BFE3ABCD8}
Magic ISO Maker v5.4 (build 0248) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office 2003 programski dodatak za preslovljavanje --> MsiExec.exe /I{51312349-0B4D-450E-AFAA-03CC28A9531F}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PackPal Flash Gallery Maker --> C:\PROGRA~1\PACKPA~1\UNWISE.EXE C:\PROGRA~1\PACKPA~1\INSTALL.LOG
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo Collage 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D42CBBC-2089-44AB-8021-369DDB962816}\Setup.exe"
Photo DVD Creator 5.2 --> "C:\Program Files\Photo DVD Creator\unins000.exe"
Photo Frame Maker 2.7 --> "C:\Program Files\Zeallsoft\PhotoFrameMaker\unins000.exe"
Picture Resize Genius 2.8.2 --> "C:\Program Files\Picture Resize Genius\unins000.exe"
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
QRPhotoDVDSlideshow v3.3.3 --> "C:\Program Files\QRPhotoDVDSlideshow\unins000.exe"
QuarkXPress 6.0 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuarkXPress 7.0 --> MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Quite A Box Of Tricks (English) --> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\qbox32_uninstall.exe
Quite Imposing Plus (English) --> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\qiplus32_uninstall.exe
Quite Imposing Plus 2.0 (English) --> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\plug_ins\qiplus2_uninstall.exe
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sothink FLV Player --> "C:\Program Files\SourceTec\Sothink Video Encoder for Adobe Flash\unins001.exe"
Sothink SWF Quicker --> "C:\Program Files\SourceTec\Sothink SWF Quicker\unins000.exe"
Sothink Video Encoder for Adobe Flash --> "C:\Program Files\SourceTec\Sothink Video Encoder for Adobe Flash\unins000.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SWFText --> C:\PROGRA~1\SWFText\UNWISE.EXE C:\PROGRA~1\SWFText\INSTALL.LOG
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Uninstall AutoEye --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop CS\Plug-Ins\AutoEye\AutoEye Uninstall.log
Vertus Fluid Mask 2.0.3 --> "C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Adobe Photoshop Only\Filters\Vertus Fluid Mask\Uninstall.exe"
Visual C++ 8.0 CRT (x86) WinSXS MSM --> MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM --> MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC (x86) WinSXS MSM --> MsiExec.exe /I{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM --> MsiExec.exe /I{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}
Web Gallery Wizard PRO 1.5.3113.1 --> "C:\Program Files\Web Gallery Wizard PRO\unins000.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wondershare DVD Slideshow Builder(2.1.1.0) --> "C:\Program Files\Wondershare\DVD Slideshow Builder\unins000.exe"
Wondershare Flash Album Studio (1.8.0) Trial Version --> "C:\Program Files\Wondershare\Flash Album Studio\unins000.exe"
Wondershare Photo Collage Studio (2.4.0) Trial Version --> "C:\Program Files\Wondershare\Photo Collage Studio\unins000.exe"
Wondershare Photo Story Platinum (2.8.2) Trial Version --> "C:\Program Files\Wondershare\Photo Story Platinum\unins000.exe"
XoftSpy --> C:\Program Files\XoftSpy\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo!7 Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type17040 / Warning
Event Submitted/Written: 04/17/2008 06:03:21 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type17039 / Warning
Event Submitted/Written: 04/17/2008 06:03:21 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 800401E4.

Event Record #/Type17038 / Warning
Event Submitted/Written: 04/17/2008 06:03:21 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type17037 / Warning
Event Submitted/Written: 04/17/2008 06:03:21 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 800401E4.

Event Record #/Type17036 / Warning
Event Submitted/Written: 04/17/2008 06:03:21 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type28327 / Error
Event Submitted/Written: 04/17/2008 06:03:22 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NAVAPEL service failed to start due to the following error:
%%2

Event Record #/Type28326 / Error
Event Submitted/Written: 04/17/2008 06:03:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type28303 / Error
Event Submitted/Written: 04/16/2008 06:10:34 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NAVAPEL service failed to start due to the following error:
%%2

Event Record #/Type28302 / Error
Event Submitted/Written: 04/16/2008 06:10:34 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type28283 / Error
Event Submitted/Written: 04/15/2008 06:30:23 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NAVAPEL service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-04-17 09:10:16 ------------
  • 0

#9
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Sorry for not coming back sooner, my cable provider is acting up, and they've said it may be solved in a few days :)


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

eddie
  • 0

#10
Popadija58

Popadija58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OK Eddie, here's the required scan result.

Thanks once more.

Malwarebytes' Anti-Malware 1.11
Database version: 663

Scan type: Quick Scan
Objects scanned: 32345
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3c78b8e2-6c4d-11d1-ade2-0000f8754b99} (Adware.Casino) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Aurora Media Workshop\viscomwave.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0



#11
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Internet seems to be better, not slow anymore. Will test it out tonight with some gaming :)


Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.

eddie
  • 0

#12
Popadija58

Popadija58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OK Eddie,

Here's your request:

04/22/08 08:45:18 [Info]: BlackLight Engine 1.0.70 initialized
04/22/08 08:45:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/22/08 08:45:18 [Note]: 7019 4
04/22/08 08:45:18 [Note]: 7005 0
04/22/08 08:45:32 [Note]: 7006 0
04/22/08 08:45:32 [Note]: 7022 0
04/22/08 08:45:32 [Note]: 7011 1228
04/22/08 08:45:32 [Note]: 7035 0
04/22/08 08:45:32 [Note]: 7026 0
04/22/08 08:45:33 [Note]: 7026 0
04/22/08 08:45:38 [Note]: FSRAW library version 1.7.1024
04/22/08 08:50:49 [Note]: 7007 0
  • 0

#13
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Thanks :)


Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.


eddie
  • 0

#14
Popadija58

Popadija58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Username "Administrator" - 04/24/2008 10:00:36 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csixg.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "gxisc" Value deleted
HKCR\CLSID\{42E52576-5A58-4416-8414-AAAC51D754C5}\_h\4 Deleted.
....
~~~~~ Misc files.
C:\WINDOWS\Help\SPAlert.chm Deleted
C:\WINDOWS\System32\close.bmp Deleted
C:\WINDOWS\System32\dating.bmp Deleted
C:\WINDOWS\System32\gambling.bmp Deleted
C:\WINDOWS\System32\idesk.conf Deleted
C:\WINDOWS\System32\insurance.bmp Deleted
C:\WINDOWS\System32\pharmacy.bmp Deleted
C:\WINDOWS\System32\spyware.bmp Deleted
C:\WINDOWS\System32\xxx.bmp Deleted
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NVRTCLK"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"egui"="\"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
  • 0
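The report above is small enough to read by eye, but the same format turns up in many threads, so here is an added Python example (written for this page, not part of FixWareout or the original post) that parses report.txt as it appears above. It pulls out the Winlogon "System" value from the prerun and postrun checks (normally empty on Windows XP; the prerun check above shows it pointing at csixg.exe, and the postrun check shows it cleared), lists the registry entries and files the tool reports as deleted, and decodes the Run-key dump at the end. The section names and line shapes are taken from this thread's report, with blank lines removed; that other FixWareout versions print the same shapes is an assumption.

```python
import re

# Sample input: the FixWareout report.txt posted above in this thread (blank
# lines dropped), embedded so the parser runs offline. Added example, not
# FixWareout's own code.
REPORT = r"""Username "Administrator" - 04/24/2008 10:00:36 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="csixg.exe"
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "gxisc" Value deleted
HKCR\CLSID\{42E52576-5A58-4416-8414-AAAC51D754C5}\_h\4 Deleted.
....
~~~~~ Misc files.
C:\WINDOWS\Help\SPAlert.chm Deleted
C:\WINDOWS\System32\close.bmp Deleted
C:\WINDOWS\System32\dating.bmp Deleted
C:\WINDOWS\System32\gambling.bmp Deleted
C:\WINDOWS\System32\idesk.conf Deleted
C:\WINDOWS\System32\insurance.bmp Deleted
C:\WINDOWS\System32\pharmacy.bmp Deleted
C:\WINDOWS\System32\spyware.bmp Deleted
C:\WINDOWS\System32\xxx.bmp Deleted
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NVRTCLK"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"egui"="\"C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe\" /hide /waitservice"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
"""

SECTION_RE = re.compile(r'^~{5}\s*(.*?)\s*~*\s*$')          # "~~~~~ Name"
WINLOGON_RE = re.compile(r'Winlogon\\\s*"[Ss]ystem"="([^"]*)"')
DELETED_RE = re.compile(r'^(.*?)\s+(?:Value )?[Dd]eleted\.?\s*$')
HIVE_RE = re.compile(r'^\[(.+)\]$')                          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')                 # "name"="value"

def parse_sections(text):
    # Group lines under their "~~~~~" heading, dropping blank and "...." filler.
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() and line.strip() != '....':
            sections[current].append(line)
    return sections

def winlogon_system_value(lines):
    # The Winlogon "System" value FixWareout checks; None if the section lacks it.
    for line in lines:
        m = WINLOGON_RE.search(line)
        if m:
            return m.group(1)
    return None

def deleted_items(lines):
    # Registry values/keys and files reported as "Deleted" / "Value deleted".
    return [m.group(1) for m in map(DELETED_RE.match, lines) if m]

def run_entries(lines):
    # {hive key: {value name: command}}, unescaping the \\ and \" in the dump.
    entries, hive = {}, None
    for line in lines:
        m = HIVE_RE.match(line)
        if m:
            hive = m.group(1)
            entries[hive] = {}
            continue
        m = VALUE_RE.match(line)
        if m and hive is not None:
            name, raw = m.groups()
            entries[hive][name] = raw.replace('\\"', '"').replace('\\\\', '\\')
    return entries

def assess(text):
    # Defender's summary: was the Winlogon value hijacked, was it cleared,
    # what was removed, and what still autostarts from the Run keys.
    s = parse_sections(text)
    before = winlogon_system_value(s.get('Prerun check', []))
    after = winlogon_system_value(s.get('Postrun check', []))
    return {
        'winlogon_before': before,
        'winlogon_after': after,
        'hijacked': bool(before),
        'cleaned': bool(before) and after == '',
        'removed': deleted_items(s.get('Postrun check', []))
                   + deleted_items(s.get('Misc files.', [])),
        'runs': run_entries(s.get('Current runs (hklm hkcu "run" Keys Only)', [])),
    }
```

Running `assess(REPORT)` on the embedded report yields `winlogon_before == 'csixg.exe'`, `winlogon_after == ''`, eleven removed items (two registry entries, nine files) and the six remaining Run-key entries, which matches what the poster's log shows. The regexes are deliberately tolerant of the mixed case ("System" before, "system" after) and of "Deleted." versus "Value deleted" that the tool prints.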

#15
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



Also, post a fresh HijackThis log as well :)

eddie
  • 0
