Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My brother's computer is infected! Need help

Started by yanniv , May 04 2008 06:03 PM

  • This topic is locked This topic is locked

#16
yanniv
Posted 07 May 2008 - 06:28 PM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Check out the picture i posted (you'll understand what i mean)

Attached Thumbnails

  • online_scanner.jpg

  • 0

Advertisements

#17
miekiemoes
Posted 07 May 2008 - 11:14 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Strange..

Try this online scanner instead:

* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply and also let me know how things are now.

  • 0

#18
yanniv
Posted 08 May 2008 - 09:27 PM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hi,

Even after the first scan Avira is still locating unwanted files, should i keep deleting them? I also realized that my computer has slowen down a bit but i guess this is normal since i installed the antivirus+super add blocker.

Anyways, this is the log:


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3086 (20080508)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=debcf15bacb2584cbf9e183036fabc2f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-05-09 02:38:54
# local_time=2008-05-08 10:38:54 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=855607
# found=182
# scan_time=18667
C:\WINDOWS\autorun.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0067752.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0067762.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP383\A0067888.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP411\A0083998.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP411\A0084015.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\A0084977.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\A0084987.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\A0085002.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP419\A0085024.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\A0086119.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\A0086143.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\A0087158.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP422\A0087182.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\A0087380.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP425\A0088397.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\A0088404.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\A0088420.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\A0088433.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\A0088460.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP426\A0088481.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP428\A0088589.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP428\A0088599.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP428\A0088663.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\A0088678.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\A0088697.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP429\A0089697.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\A0089711.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\A0090698.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\A0090713.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP430\A0090729.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0090744.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0090759.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0090778.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0091778.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0091791.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0091814.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP431\A0091831.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\A0092938.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\A0092949.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP434\A0092968.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP439\A0094255.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP439\A0094271.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP442\A0094984.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\A0067132.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\A0067171.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\A0067184.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP377\A0067199.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\A0068075.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\A0068084.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP389\A0068107.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP390\A0068132.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP390\A0069151.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069161.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069171.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069188.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069202.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069218.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069235.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP391\A0069248.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\A0069260.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\A0069270.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\A0069668.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\A0070630.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP392\A0071674.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP393\A0071686.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP393\A0071699.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP394\A0071710.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP395\A0071713.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP396\A0071779.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP397\A0071791.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\A0077535.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\A0077547.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\A0077561.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP404\A0077582.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP405\A0077589.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP405\A0077602.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\A0077607.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\A0078700.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\A0078713.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\A0079714.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP406\A0080714.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\A0080718.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\A0080740.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\A0080756.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\A0081756.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP407\A0082756.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\A0082765.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\A0082775.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\A0083775.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\A0083788.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP408\A0083802.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP409\A0083815.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP409\A0083940.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP398\A0071837.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP399\A0071855.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\A0071903.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\A0072013.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\A0072030.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP400\A0072047.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\A0072053.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\A0073065.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\A0074066.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\A0074116.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP401\A0074141.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP402\A0074148.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP410\A0083946.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP410\A0083977.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\A0084023.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\A0084072.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\A0084105.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP412\A0084137.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\A0084147.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\A0084161.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP413\A0084174.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\A0084182.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\A0084191.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\A0084218.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\A0084236.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\A0084249.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP414\A0084272.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP415\A0084282.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP415\A0084302.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP416\A0084312.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP416\A0084322.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP417\A0084340.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP417\A0084349.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\A0084404.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\A0084413.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\A0084767.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP418\A0084955.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\A0085037.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\A0085052.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP420\A0085068.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\A0085076.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\A0086069.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\A0086091.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP421\A0086108.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\A0087190.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\A0087204.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\A0087220.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP423\A0087237.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\A0087244.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\A0087358.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP424\A0087372.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0088495.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0088518.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP427\A0088583.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067056.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067086.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0067120.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP378\A0067209.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP379\A0067211.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP379\A0067228.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP380\A0067266.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP380\A0067398.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\A0067404.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\A0067611.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\A0067635.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP381\A0067650.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\A0067656.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\A0067665.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\A0067696.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP382\A0067730.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP384\A0067899.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP384\A0067929.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP385\A0067935.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP386\A0067945.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP386\A0067959.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\A0067973.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\A0067990.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\A0068005.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP387\A0068019.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP388\A0068026.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP388\A0068039.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\A0074151.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\A0074180.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\A0074530.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\A0075530.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\A0076530.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP403\A0077531.inf INF/Autorun virus (unable to clean - deleted) 00000000000000000000000000000000
  • 0

#19
miekiemoes
Posted 08 May 2008 - 11:05 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#20
yanniv
Posted 11 May 2008 - 03:18 PM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Help

I'm on this page: http://www.bleepingc...to-use-combofix

In step 3, after i drag the Microsoft file on top of the ComboFix icon, it immediately asks me if i want to run combofix exe. In the instructions (step 4) it says that ComboFix will automatically install the Windows Recovery Console onto the computer but that's not what seems to happen. Do i still run combofix?
  • 0

#21
miekiemoes
Posted 11 May 2008 - 03:21 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Yes, please run Combofix.
  • 0

#22
yanniv
Posted 15 May 2008 - 10:16 AM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
ComboFix 08-05-11.1 - HP_Owner 2008-05-14 12:02:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.162 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\inst.exe
C:\Program Files\winupdates
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\_004526_.tmp.dll
C:\WINDOWS\system32\_004527_.tmp.dll
C:\WINDOWS\system32\_004528_.tmp.dll
C:\WINDOWS\system32\_004529_.tmp.dll
C:\WINDOWS\system32\_004536_.tmp.dll
C:\WINDOWS\system32\_004537_.tmp.dll
C:\WINDOWS\system32\_004538_.tmp.dll
C:\WINDOWS\system32\_004539_.tmp.dll
C:\WINDOWS\system32\_004541_.tmp.dll
C:\WINDOWS\system32\_004542_.tmp.dll
C:\WINDOWS\system32\_004545_.tmp.dll
C:\WINDOWS\system32\_004546_.tmp.dll
C:\WINDOWS\system32\_004548_.tmp.dll
C:\WINDOWS\system32\_004549_.tmp.dll
C:\WINDOWS\system32\_004550_.tmp.dll
C:\WINDOWS\system32\_004552_.tmp.dll
C:\WINDOWS\system32\_004555_.tmp.dll
C:\WINDOWS\system32\_004556_.tmp.dll
C:\WINDOWS\system32\_004560_.tmp.dll
C:\WINDOWS\system32\_004561_.tmp.dll
C:\WINDOWS\system32\_004563_.tmp.dll
C:\WINDOWS\system32\_004566_.tmp.dll
C:\WINDOWS\system32\_004568_.tmp.dll
C:\WINDOWS\system32\_004569_.tmp.dll
C:\WINDOWS\system32\_004570_.tmp.dll
C:\WINDOWS\system32\_004571_.tmp.dll
C:\WINDOWS\system32\_004572_.tmp.dll
C:\WINDOWS\system32\_004575_.tmp.dll
C:\WINDOWS\system32\_004576_.tmp.dll
C:\WINDOWS\system32\_004577_.tmp.dll
C:\WINDOWS\system32\_004578_.tmp.dll
C:\WINDOWS\system32\_004579_.tmp.dll
C:\WINDOWS\system32\_004584_.tmp.dll
C:\WINDOWS\system32\_004586_.tmp.dll
C:\WINDOWS\system32\_004587_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\testdll.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 03:59 . 2008-05-14 03:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 03:59 . 2008-05-14 03:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 18:07 . 2008-05-09 18:10 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-09 18:07 . 2008-05-09 18:10 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-09 18:07 . 2008-05-09 18:10 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-09 17:58 . 2007-10-25 23:34 12,872,704 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-09 17:57 . 2008-05-09 17:57 <DIR> d-------- C:\WINDOWS\EHome
2008-05-09 17:17 . 2008-05-09 18:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-09 16:45 . 2008-05-09 16:45 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-05-09 16:40 . 2008-05-09 16:40 <DIR> d-------- C:\Program Files\NinjaVideo
2008-05-08 17:15 . 2008-05-08 22:38 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-05-07 19:42 . 2008-05-07 19:42 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-07 19:42 . 2008-05-07 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 18:55 . 2008-05-07 18:55 <DIR> d-------- C:\kav
2008-05-07 14:47 . 2008-05-07 14:47 <DIR> d-------- C:\Program Files\SUPERFileRecover
2008-05-07 13:23 . 2008-05-07 13:23 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SuperAdBlocker.com
2008-05-07 13:22 . 2008-05-07 13:24 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-07 13:22 . 2008-05-07 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 18:59 . 2008-05-06 18:59 <DIR> d-------- C:\Program Files\Avira
2008-05-06 18:59 . 2008-05-06 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-05 11:45 . 2008-05-05 12:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Ulead Systems
2008-05-05 11:44 . 2008-05-05 11:44 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-05-05 11:44 . 2008-05-05 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-05-05 11:43 . 2008-05-05 11:43 <DIR> d-------- C:\Program Files\Windows Media Components
2008-05-05 11:42 . 2008-05-05 11:42 <DIR> d-------- C:\Program Files\Ulead Systems
2008-05-05 11:42 . 2008-05-05 11:43 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-05-05 11:42 . 2008-05-05 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-01 19:39 . 2008-05-01 19:39 <DIR> d-------- C:\Program Files\Common Files\pool
2008-04-25 16:04 . 2004-08-04 08:00 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2008-04-25 16:04 . 2004-08-04 08:00 126,976 --a--c--- C:\WINDOWS\system32\dllcache\mshearts.exe
2008-04-25 16:04 . 2004-08-04 08:00 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2008-04-25 16:04 . 2004-08-04 08:00 119,808 --a--c--- C:\WINDOWS\system32\dllcache\winmine.exe
2008-04-25 16:03 . 2004-08-04 08:00 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2008-04-25 16:03 . 2004-08-04 08:00 55,296 --a--c--- C:\WINDOWS\system32\dllcache\freecell.exe
2008-04-25 15:49 . 2004-08-04 08:00 56,832 --a------ C:\WINDOWS\system32\sol.exe
2008-04-25 15:49 . 2004-08-04 08:00 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sol.exe
2008-04-24 14:13 . 2003-03-31 07:00 138,752 --a------ C:\WINDOWS\system\sndvol32.exe
2008-04-24 00:12 . 2008-04-24 00:12 <DIR> d-------- C:\WINDOWS\system32\recover
2008-04-23 22:45 . 2008-04-23 22:45 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 06:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Azureus
2008-05-09 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-07 17:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 22:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-05 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 15:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 19:37 --------- d-----w C:\Program Files\DivX
2008-04-24 04:52 4,119 ----a-w C:\WINDOWS\viassary-hp.reg
2008-04-22 02:18 --------- d-----w C:\Program Files\Azureus
2008-04-18 01:07 --------- d-----w C:\Program Files\LimeWire
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SET4F3.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SET4F2.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SET4F1.tmp
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\SET456.tmp
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\SET4F7.tmp
2008-04-14 00:11 39,424 ------w C:\WINDOWS\AppPatch\SET1096.tmp
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\SET4F5.tmp
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\SET4F6.tmp
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\SET4F4.tmp
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\SET4F8.tmp
2008-04-06 05:28 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-27 21:59 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-27 21:59 --------- d-----w C:\Program Files\Common Files\Real
2008-03-21 18:11 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-21 18:11 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\DAEMON Tools
2008-03-21 03:21 --------- d-----w C:\Program Files\Java
2007-12-19 04:07 87,608 ----a-w C:\Documents and Settings\HP_Owner\Application Data\ezpinst.exe
2007-12-19 04:07 47,360 ----a-w C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys
2006-10-17 00:32 14 ----a-w C:\Documents and Settings\HP_Owner\getfile.dat
2004-10-25 01:18 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
<pre>
----a-w		   328,192 2007-03-21 13:00:11  C:\My Downloads\1Click DVD COPY 5.1.1.9 + crack\1Click DVD COPY 5.1.1.9 + crack\1Click DVD COPY 5.1.1.9 AS_v2T patch .ExE
</pre>


------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 15:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 18:05 630784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 17:59 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-10-23 22:15 2076160]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 15:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 03:43:08 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 03:43:14 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
U.S. Robotics 802.11g Wireless Network Utility.lnk - C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe [2005-07-11 16:14:00 290816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
Debugger=notepad.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^TransBar.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^UberIcon.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-07-03 05:49 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-07-06 04:05 2550272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckRegDefragOnce]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 21:42 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 21:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 19:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P and now I post my Hijack log whining]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-05-16 11:58 213936 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 23:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 07:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 23:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-01 21:58 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2005-10-23 22:15 2076160 C:\Program Files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
--a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-27 17:59 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
--a------ 2005-09-14 21:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Recycler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\kav\\kis\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52525:TCP"= 52525:TCP:PORT1

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-05-01 14:05]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R2 AMDRAIDXpert;AMD RAIDXpert;"C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe" -s raidxpert.wrapper.conf []
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-05-10 03:26]
R2 NinjaVideo Helper.exe;NinjaVideo Helper;"C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe" [2008-04-10 21:01]
S3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\DRIVERS\BCGAME.SYS []
S3 bcgbus;Nostromo USB Device Driver;C:\WINDOWS\system32\DRIVERS\BCGBUS.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2007-09-11 23:35:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 12:10:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-14 12:14:45 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-05-14 16:14:38

Pre-Run: 71,320,743,936 bytes free
Post-Run: 71,757,807,616 bytes free

330 --- E O F --- 2008-04-30 22:34:21
  • 0

#23
yanniv
Posted 15 May 2008 - 10:19 AM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:13 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135490778609
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10347 bytes
  • 0

#24
miekiemoes
Posted 15 May 2008 - 10:29 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

Much better...

Please delete next folder:

C:\My Downloads\1Click DVD COPY 5.1.1.9 + crack

Then, Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Recycler]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P and now I post my Hijack log whining]

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
  • 0

#25
yanniv
Posted 15 May 2008 - 11:42 AM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hi,

Do i simply right click on C:\My Downloads\1Click DVD COPY 5.1.1.9 + crack and delete?

I'm sorry. i don't understand exactly what am i suppose to do after that...
Do i copy paste the following in a new notepad?

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Recycler]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P and now I post my Hijack log whining]

I name it fix.reg and save as "all files"? Then i double-click and click OK...

Finally i type ComboFix /u in -->start-->run, hit ENTER and that should do it??

Thank You
  • 0

Advertisements

#26
miekiemoes
Posted 15 May 2008 - 11:59 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Yes, exactly as how it was written in my instructions.
Is there something you don't understand?
  • 0

#27
yanniv
Posted 15 May 2008 - 12:48 PM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Is there anything else to do after i uninstalled combofix?
Also do u want me to post a new log? Do i have to keep the fix.reg file or can i delete it?
Finally, should i run the program SuperFileRecover or is it unnecessary?

Thanks
  • 0

#28
miekiemoes
Posted 15 May 2008 - 01:08 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

Yes, you may delete the fix.reg.

Not needed to post a new log - it was already clean before.

should i run the program SuperFileRecover or is it unnecessary?

Why would that be needed?
  • 0

#29
yanniv
Posted 15 May 2008 - 01:58 PM

yanniv

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 107 posts
Hi,

I'm asking in case some files were damaged or deleted...
Anyways, my computer won't install Flash player. After downloading it says:

Failed to install.
For troubleshooting tips, please see http://www.adobe.com/go/tn_19166
  • 0

#30
miekiemoes
Posted 15 May 2008 - 02:04 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
We have deleted the malware related files, so you don't want to restore them. :)

Anyways, my computer won't install Flash player. After downloading it says:

Failed to install.
For troubleshooting tips, please see http://www.adobe.com/go/tn_19166

Then read the link you just posted for troubleshooting. I would have given you the same link anyway. :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP