Worse Malware I have ever seen...



#1 lenglain (New Member, 4 posts)
When I click my start menu, most of the options have disappeared. I can't access program folders, Control Panel, Run, Search, or any of those things; it just lists icons like Notepad, IE, etc.

Task Manager has been disabled by system administrator
Registry editing has been disabled by system administrator
I cannot access my hard drives from My Computer unless I type them manually in the address bar; they have been hidden.

My wallpaper has been replaced by a red and white "your computer is in danger" background that opens a website when you click it. (I managed to get rid of that, so I can't remember what it said exactly.)

When I mouse over any icon, it gives me file size, date, and "VIRUS ALERT!" It shows that when I go into properties. And it says "VIRUS ALERT!" next to the clock in my system tray.

I have "Error Cleaner" and some other fake anti-virus icon on my desktop.

I get frequent "detected an internet attack!" alerts, and Internet Explorer pops up with various alerts and pop-ups.

The only file I found that caused much of my trouble was winspywareprotection; I believe I have removed this with RegRun Partizan, along with other files it has found.

Last but not least, I myself have installed KGB Keylogger on my computer, and I know that it's running. I think the process is MPK.something, but it NEVER SHOWS UP ON ANY VIRUS/SPYWARE/MALWARE SCAN!!! How is that possible, are they all crap? It doesn't show up on any of the alternative process viewers I use either, yet it's there!!


This all happened after I downloaded a file yesterday that was supposed to allow me to view EURO 2008 games online. I clicked it and nothing happened; I deleted the file and all the trouble started at once.

Would appreciate any info, thanks.



#2 Ness (Banned, 673 posts)
Hello lenglain and welcome to Geeks to Go!

I will be helping you clean your computer.

1. Deckard's System Scanner
------------------------------------------------


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post
------------------------------------------------

  • DSS Log


#3 lenglain (Topic Starter, New Member, 4 posts)
Hi, thanks for the rather fast reply. Here are the logs:

Deckard's System Scanner v20071014.68
Run by igajon on 2008-06-11 08:48:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-11 06:48:42 UTC - RP151 - Deckard's System Scanner Restore Point
3: 2008-06-11 05:49:16 UTC - RP150 - RegRun Virus Scan
2: 2008-06-10 19:25:56 UTC - RP149 - Installed AVG Free 8.0
1: 2008-06-10 12:30:08 UTC - RP148 - RegRun Virus Scan


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.76 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 08:51:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer1.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\k-meleon\loader.exe
D:\k-meleon\k-meleon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\igajon\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
F0 - system.ini: Shell=Explorer1.exe
F2 - REG:system.ini: Shell=Explorer1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\FpLaunch.dll
O2 - BHO: Megaupload Toolbar - {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Regrun2] D:\REGRUN~1\WatchDog.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: K-Meleon Loader.lnk = D:\k-meleon\loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10452 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

S0 partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S3 catchme - c:\docume~1\igajon\locals~1\temp\catchme.sys (file missing)
S3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S2 wltrysvc (Dell Wireless WLAN Tray Service) - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1390 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
Manufacturer: Broadcom
Name: Dell Wireless 1390 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0
Service: BCM43XX


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-10 21:37:25 0 d--h----- C:\$AVG8.VAULT$
2008-06-10 21:26:04 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-10 21:25:57 0 d-------- C:\Program Files\AVG
2008-06-10 21:25:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 16:18:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-10 16:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\MEGAUPLOADTOOLBAR
2008-06-10 15:48:22 6889472 --a------ C:\WINDOWS\system32\DIV
2008-06-10 14:11:02 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-06-10 06:31:21 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-10 06:28:47 0 d-------- C:\Documents and Settings\igajon\Application Data\TmpRecentIcons
2008-06-06 06:21:17 0 d-------- C:\Documents and Settings\igajon\Application Data\K-Meleon
2008-06-03 05:23:51 0 d-------- C:\Program Files\Anvsoft
2008-06-01 15:00:07 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-01 15:00:07 0 d-------- C:\Program Files\Common Files\SourceTec
2008-05-25 10:00:01 0 d-------- C:\Documents and Settings\igajon\Application Data\Thunderbird
2008-05-25 09:59:50 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-23 20:58:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\K-Meleon
2008-05-23 20:56:48 0 d-------- C:\WINDOWS\ERUNT
2008-05-23 16:43:53 0 d-------- C:\Documents and Settings\igajon\Application Data\?ymantec
2008-05-22 09:07:45 0 d-------- C:\Documents and Settings\igajon\Application Data\M?crosoft.NET
2008-05-21 09:27:22 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-21 09:27:22 0 d-------- C:\Documents and Settings\igajon\Application Data\MegauploadToolbar
2008-05-20 23:02:19 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-05-17 10:34:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-05-16 21:33:32 0 d-------- C:\Documents and Settings\igajon\Application Data\Move Networks
2008-05-16 15:51:37 528 --a------ C:\WINDOWS\eReg.dat
2008-05-15 14:45:22 0 d-------- C:\Program Files\iPod
2008-05-15 14:45:12 0 d-------- C:\Program Files\iTunes
2008-05-15 14:41:46 0 d-------- C:\Program Files\QuickTime
2008-05-13 17:21:10 0 d-------- C:\Program Files\Freecorder
2008-05-13 17:18:24 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-05-13 17:18:23 0 d-------- C:\Program Files\Freecorder Toolbar
2008-05-11 17:37:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 17:34:49 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-11 17:15:57 0 d-------- C:\Program Files\Bonjour
2008-05-11 17:07:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-11 00:28:27 0 d-------- C:\Program Files\Registry Workshop


-- Find3M Report ---------------------------------------------------------------

2008-06-10 22:19:22 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-10 21:37:34 0 d-------- C:\Documents and Settings\igajon\Application Data\M?crosoft.NET
2008-06-10 06:27:23 0 d-------- C:\Documents and Settings\igajon\Application Data\OpenOffice.org2
2008-06-03 04:44:39 0 d-------- C:\Program Files\Hotspot Shield
2008-06-02 23:26:56 0 d-------- C:\Documents and Settings\igajon\Application Data\Skype
2008-06-02 12:26:59 0 d-------- C:\Documents and Settings\igajon\Application Data\skypePM
2008-06-01 15:00:07 0 d-------- C:\Program Files\Common Files
2008-05-28 11:02:25 0 d-------- C:\Program Files\Digsby
2008-05-23 16:43:53 0 d-------- C:\Documents and Settings\igajon\Application Data\?ymantec
2008-05-19 13:10:50 0 d-------- C:\Documents and Settings\igajon\Application Data\Adobe
2008-05-11 17:27:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 23:55:38 0 d-------- C:\Documents and Settings\igajon\Application Data\VMware
2008-05-10 23:54:27 181303 --ahs---- C:\WINDOWS\system32\hkUxaGgh.ini2
2008-05-10 01:35:14 0 d-------- C:\Program Files\K-Meleon
2008-05-10 01:13:31 0 d-------- C:\Program Files\RocketDock
2008-05-09 22:44:30 0 d-------- C:\Program Files\Microsoft Virtual PC
2008-05-08 16:59:58 0 d-------- C:\Program Files\AIMTunes
2008-05-08 15:56:30 0 d-------- C:\Program Files\Movie Maker
2008-05-08 15:48:48 0 d-------- C:\Program Files\StartMenuEx
2008-05-08 15:21:15 296 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-08 15:21:12 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-08 15:21:12 42434 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-08 05:46:32 0 d-------- C:\Program Files\BitComet
2008-05-07 21:56:58 0 d-------- C:\Documents and Settings\igajon\Application Data\AD ON Multimedia
2008-05-07 21:56:57 6226 --a------ C:\WINDOWS\unins000.dat
2008-05-07 21:56:29 683801 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-05-04 16:30:24 0 d-------- C:\Program Files\Aston2 Menu
2008-05-04 16:30:06 0 d-------- C:\Program Files\Azureus
2008-05-04 16:26:24 0 d-------- C:\Documents and Settings\igajon\Application Data\Aston
2008-05-04 16:26:22 0 --a------ C:\Program Files\AstonWriteTest.txt
2008-05-04 12:46:57 0 d-------- C:\Documents and Settings\igajon\Application Data\ReactOS
2008-05-04 00:35:17 0 d-------- C:\Documents and Settings\igajon\Application Data\Hamachi
2008-05-04 00:27:51 10896 --a------ C:\WINDOWS\mozver.dat
2008-05-04 00:09:02 32 --a------ C:\WINDOWS\go
2008-05-04 00:01:18 0 d-------- C:\Documents and Settings\igajon\Application Data\Azureus
2008-05-03 20:33:15 0 d-------- C:\Program Files\iPig
2008-04-25 13:21:41 0 d-------- C:\Documents and Settings\igajon\Application Data\Flock
2008-04-24 22:17:58 0 d-------- C:\Documents and Settings\igajon\Application Data\Mozilla
2008-04-24 17:19:03 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 17:18:52 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-04-24 17:18:41 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-04-24 17:18:29 0 d-------- C:\Program Files\mozilla.org
2008-04-21 08:17:34 0 d-------- C:\Documents and Settings\igajon\Application Data\Canon
2008-04-19 18:51:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 18:49:18 0 d-------- C:\Program Files\Opera
2008-04-19 00:27:59 0 d-------- C:\Documents and Settings\igajon\Application Data\Opera
2008-04-11 07:02:56 0 d-------- C:\Program Files\Canon
2008-04-11 06:58:36 0 d-------- C:\Documents and Settings\igajon\Application Data\ScanSoft
2008-04-11 06:58:30 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-11 06:58:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-11 06:58:05 0 d-------- C:\Program Files\ScanSoft
2008-04-11 06:57:05 0 d-------- C:\Program Files\Common Files\CANON
2008-04-11 06:54:51 0 d--h----- C:\Program Files\CanonBJ
2008-03-20 20:23:01 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-03-20 20:23:01 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-20 12:23:38 4096 --a------ C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 13:48: VIRUS ALERT!]
"Resume copy"="copyfstq.exe" [03/24/2002 13:54: VIRUS ALERT! C:\WINDOWS\COPYFSTQ.EXE]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 21:48: VIRUS ALERT!]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 18:41: VIRUS ALERT!]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 11:22: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25: VIRUS ALERT!]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 18:50: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36: VIRUS ALERT!]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/10/2008 21:25: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 14:00: VIRUS ALERT!]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [11/14/2007 12:54: VIRUS ALERT!]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 13:58: VIRUS ALERT!]
"Regrun2"="D:\REGRUN~1\WatchDog.exe" []

C:\Documents and Settings\igajon\Start Menu\Programs\Startup\
K-Meleon Loader.lnk - D:\k-meleon\loader.exe [4/16/2007 2:41:00 AM]
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [5/9/2008 12:50:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableRegistryTools "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaxUkh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^igajon^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\igajon\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
D:\Jon\Desktop\notes\AlterNet Chomsky The Assault on Democracy_files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Organizer]
"C:\Program Files\Organizer\Organizer.exe" t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPNClient]
C:\Program Files\iPig\Client\ipigclient.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-11 08:52:31 ------------







Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2060 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2060 @ 1.60GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1022.37 MiB / 511.79 MiB
Pagefile Memory (total/avail): 2458.08 MiB / 2066.76 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.98 MiB

C: is Fixed (NTFS) - 20 GiB total, 2.76 GiB free.
D: is Fixed (NTFS) - 91.73 GiB total, 26.16 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75RST0 - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 20 GiB - C:
\PARTITION2 - Installable File System - 91.73 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\Digsby\\digsby.exe"="C:\\Program Files\\Digsby\\digsby.exe:*:Enabled:Digsby IM"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Jon\\Desktop\\notes\\AlterNet Chomsky The Assault on Democracy_files\\KGB\\Mpk.exe"="D:\\Jon\\Desktop\\notes\\AlterNet Chomsky The Assault on Democracy_files\\KGB\\Mpk.exe:*:Enabled:TCP\\IP"
"D:\\Jon\\Desktop\\notes\\AlterNet Chomsky The Assault on Democracy_files\\KGB\\MpkView.exe"="D:\\Jon\\Desktop\\notes\\AlterNet Chomsky The Assault on Democracy_files\\KGB\\MpkView.exe:*:Enabled:TCP\\IP"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iPig\\Client\\ipigclient.exe"="C:\\Program Files\\iPig\\Client\\ipigclient.exe:*:Enabled:iPig Client"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\WINDOWS\\system32\\lkmslw.exe"="C:\\WINDOWS\\system32\\lkmslw.exe:*:Disabled:lkmslw"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\igajon\\Desktop\\cs2d\\CounterStrike2D.exe"="C:\\Documents and Settings\\igajon\\Desktop\\cs2d\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\igajon\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SARA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\igajon
LOGONSERVER=\\SARA
NewEnvironment1=C:\Program Files\ATI Technologies\ATI.ACE\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\igajon\LOCALS~1\Temp
TMP=C:\DOCUME~1\igajon\LOCALS~1\Temp
USERDOMAIN=SARA
USERNAME=igajon
USERPROFILE=C:\Documents and Settings\igajon
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

igajon (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AbsoluteTransfer --> "C:\Program Files\AbsoluteTransfer\Uninstall.exe"
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
Anvsoft iPod Photo Slideshow 1.10 --> "C:\Program Files\Anvsoft\iPod Photo Slideshow\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitComet 0.99 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0015
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FlipViewer 2.2.5 --> "C:\Program Files\E-Book Systems\FlipViewer\uninst.exe"
FREE Hi-Q Recorder 1.92 --> "C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
Free Sound Recorder v6.2 --> "C:\Program Files\Free Sound Recorder\unins000.exe"
FreeCommander 2007.10a --> "C:\Program Files\FreeCommander\unins000.exe"
Freecorder Toolbar 3.01 Application --> "C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotspot Shield 1.04 --> C:\Program Files\Hotspot Shield\Uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Mega Codec Pack 3.8.0 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
K-Meleon 1.1.5 en-US (remove only) --> D:\k-meleon\uninstall.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Magic ISO Maker v5.4 (build 0256) --> D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0415-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300415-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130415-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\igajon\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Registry Workshop --> "C:\Program Files\Registry Workshop\uninstall.exe"
Rejestracja użytkownika drukarki Canon MP210 series --> C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
SeaMonkey (1.1.9) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.9 (en)"
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x15 -remove -removeonly
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sothink SWF Quicker --> "D:\Sothink SWF Quicker\unins000.exe"
SubEdit-Player --> "C:\Program Files\SubEdit-Player\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TotalCopy 1.2 (Luki Edition) --> C:\WINDOWS\iun6002.exe "C:\WINDOWS\irunin.ini"
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
Uninstall KkMenu docklet for Stardock Object Dock --> "C:\Program Files\RocketDock\Docklets\ObjectDock\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type532 / Error
Event Submitted/Written: 06/11/2008 08:43:57 AM
Event ID/Source: 100 / vmauthd
Event Description:
Cannot find perfmon object in array returned by perfDLL, index=0

Event Record #/Type524 / Error
Event Submitted/Written: 06/11/2008 08:23:55 AM
Event ID/Source: 100 / vmauthd
Event Description:
Cannot find perfmon object in array returned by perfDLL, index=0

Event Record #/Type516 / Error
Event Submitted/Written: 06/11/2008 08:16:04 AM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type515 / Error
Event Submitted/Written: 06/11/2008 08:16:04 AM
Event ID/Source: 3012 / LoadPerf
Event Description:
The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Event Record #/Type513 / Error
Event Submitted/Written: 06/11/2008 08:14:03 AM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9575 / Error
Event Submitted/Written: 06/11/2008 08:43:48 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
partizan

Event Record #/Type9574 / Error
Event Submitted/Written: 06/11/2008 08:43:00 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Dell Wireless WLAN Tray Service service failed to start due to the following error:
%%2

Event Record #/Type9570 / Error
Event Submitted/Written: 06/11/2008 08:42:13 AM / 06/11/2008 08:42:40 AM
Event ID/Source: 4307 / NetBT
Event Description:
Initialization failed because the transport refused to open initial Addresses.

Event Record #/Type9541 / Error
Event Submitted/Written: 06/11/2008 08:23:24 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
partizan

Event Record #/Type9540 / Error
Event Submitted/Written: 06/11/2008 08:22:34 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Dell Wireless WLAN Tray Service service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-06-11 08:52:31 ------------



I ran SDFIX, RegRun and AVG early this morning before I got your reply. It killed a bunch of stuff, but I still get the "VIRUS ALERT!" message, and my start menu still won't let me go to programs or anything. I attached a screenshot. Registry Editing is still disabled by administrator, yet I can get to the taskmanager with CTRL+ALT+DEL now. Hope you find something in these logs, thanks!

Attached Thumbnails: screenshot.jpeg

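As an added triage example (not part of the original post or of Deckard's System Scanner), the following Python parses the firewall AuthorizedApplications export above in its XP SP2 `"path"="path:scope:status:name"` format and flags enabled exceptions for executables that live outside Windows or Program Files, which is how the self-installed KGB keylogger (Mpk.exe under a Desktop folder) stands out in that list even though process viewers did not show it. The sample lines are copied from the log; the location and naming heuristics are this example's own assumptions.

```python
import re
import ntpath
from dataclasses import dataclass
from typing import List

# Constructed sample: four lines copied from the StandardProfile list in the
# DSS log above (the export doubles every backslash, exactly as shown there).
SAMPLE_EXPORT = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Jon\\Desktop\\notes\\AlterNet Chomsky The Assault on Democracy_files\\KGB\\Mpk.exe"="D:\\Jon\\Desktop\\notes\\AlterNet Chomsky The Assault on Democracy_files\\KGB\\Mpk.exe:*:Enabled:TCP\\IP"
"C:\\WINDOWS\\system32\\lkmslw.exe"="C:\\WINDOWS\\system32\\lkmslw.exe:*:Disabled:lkmslw"
'''

# Heuristic (assumption of this example): paths under a user profile, a
# Desktop folder or a temp directory are writable by the user, so a listening
# program living there deserves a closer look than one under Program Files.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\desktop\\", "\\temp\\", "\\tmp\\")

_LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')


@dataclass
class FirewallException:
    path: str     # executable the exception applies to
    scope: str    # '*' means any remote address
    status: str   # Enabled / Disabled as written in the registry
    name: str     # display name shown in the firewall UI

    @property
    def location(self) -> str:
        p = self.path.lower()
        if p.startswith(("%windir%\\", "c:\\windows\\")):
            return "windows"
        if p.startswith(("%programfiles%\\", "c:\\program files\\")):
            return "program_files"
        if any(m in p for m in USER_WRITABLE_MARKERS):
            return "user_writable"
        return "other"

    @property
    def enabled(self) -> bool:
        return self.status.lower() == "enabled"

    @property
    def generic_name(self) -> bool:
        # Display name is just the file name: no product description behind it
        base = ntpath.basename(self.path).lower()
        return self.name.lower() in (base, ntpath.splitext(base)[0])

    @property
    def suspicious(self) -> bool:
        # An enabled inbound exception for a binary outside Windows or
        # Program Files is what we want a human to look at first
        return self.enabled and self.location in ("user_writable", "other")


def _unescape(s: str) -> str:
    """Undo the doubled backslashes of the registry export."""
    return s.replace("\\\\", "\\")


def parse_export(text: str) -> List[FirewallException]:
    """Parse one or more AuthorizedApplications\\List exports into records."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("["):   # blank lines and [HKLM\...] key headers
            continue
        m = _LINE_RE.match(raw)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        # The value repeats the path, then ':scope:status:name'; the path itself
        # contains a drive colon, so strip the known prefix instead of splitting.
        if not value.startswith(key + ":"):
            continue
        scope, status, name = value[len(key) + 1:].split(":", 2)
        entries.append(FirewallException(_unescape(key), scope, status, _unescape(name).strip()))
    return entries


def report(entries: List[FirewallException]) -> List[str]:
    """One line per exception, entries needing review first."""
    lines = []
    for e in sorted(entries, key=lambda x: not x.suspicious):
        tag = "CHECK " if e.suspicious else "ok    "
        extra = " (display name is just the file name)" if e.generic_name else ""
        lines.append(f"{tag}{e.status:<8} {e.location:<13} {e.path}  [{e.name}]{extra}")
    return lines


if __name__ == "__main__":
    for line in report(parse_export(SAMPLE_EXPORT)):
        print(line)
```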
#4 lenglain (Topic Starter, New Member, 4 posts)
Oh, and I had to change the name of Explorer.exe a while back because it kept refreshing every 2 seconds and terminating. I tried changing it to Explorer1.exe and all those problems were solved. That's why it says "Explorer1.exe".

#5 lenglain (Topic Starter, New Member, 4 posts)
UPDATE: With SDFix, RegRun and AVG I managed to get rid of many of my problems, but some remained. I never heard of MBAM, but it seems that it gave the final coup de grâce to this super-moronic, assholish-waste-of-a-[bleep]-computer-geek's-time. My computer SEEMS clean. I am worried, however, as I just ran a scan and used various process explorers without my KGB keylogger showing up, even though it's recording my keystrokes right this minute. Could there be other such hidden processes? Here is the final log from MBAM and one from the HijackThis clone:


Malwarebytes' Anti-Malware 1.17
Database version: 846

4:21:10 PM 6/11/2008
mbam-log-6-11-2008 (16-21-10).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194216
Time elapsed: 1 hour(s), 13 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 10
Registry Data Items Infected: 12
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ba54428f-6991-4b01-9b8c-011306c0e5da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa8be6d5-40e0-48b8-b317-18a4a590918a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e5b39ba-aca4-4b52-b2c2-1901df0a1b64} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1150f4c7-7396-4cea-b963-07fa0f62344c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.bqtv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71a89949-ed21-440a-8be0-34e6fdd67580} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2587f5f9-bcdf-4076-98ef-afc65c5bd816} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3f37eca-a8d9-4633-92c6-fe24c7d16aba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c5da9ce1-22db-4f02-b4cd-c476a454847e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-339-1829636-22375) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\igajon\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064201.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064210.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\SDFix\backups_old\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\SDFix\backups_old\UnInstall.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\Documents and Settings\igajon\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP148\A0064195.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LJJYOFDD.DLL.del (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064206.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\igajon\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\block2\serial.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064207.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064208.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{49BB5EA3-7354-4A0E-94F1-16FF9CE1E7BA}\RP149\A0064209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VTUKLLMM.DLL.del (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\block2\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Deckard's System Scanner v20071014.68
Run by igajon on 2008-06-11 18:13:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.72 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 18:13:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer1.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\k-meleon\loader.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\k-meleon\k-meleon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\igajon\Desktop\dss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F0 - system.ini: Shell=Explorer1.exe
F2 - REG:system.ini: Shell=Explorer1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\FpLaunch.dll
O2 - BHO: Megaupload Toolbar - {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: K-Meleon Loader.lnk = D:\k-meleon\loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
O24 - Desktop Component 0: Privacy Protection -

--
End of file - 9646 bytes

-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-11 16:30:06 0 d-------- C:\Program Files\Security Task Manager
2008-06-11 14:30:29 0 d-------- C:\Documents and Settings\igajon\Application Data\Malwarebytes
2008-06-11 14:30:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 14:30:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 21:37:25 0 d--h----- C:\$AVG8.VAULT$
2008-06-10 21:26:04 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-10 21:25:57 0 d-------- C:\Program Files\AVG
2008-06-10 21:25:57 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-10 16:18:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-10 16:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\MEGAUPLOADTOOLBAR
2008-06-10 15:48:22 6889472 --a------ C:\WINDOWS\system32\DIV
2008-06-10 14:11:02 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-06-10 06:31:21 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-10 06:28:47 0 d-------- C:\Documents and Settings\igajon\Application Data\TmpRecentIcons
2008-06-06 06:21:17 0 d-------- C:\Documents and Settings\igajon\Application Data\K-Meleon
2008-06-03 05:23:51 0 d-------- C:\Program Files\Anvsoft
2008-06-01 15:00:07 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-01 15:00:07 0 d-------- C:\Program Files\Common Files\SourceTec
2008-05-25 10:00:01 0 d-------- C:\Documents and Settings\igajon\Application Data\Thunderbird
2008-05-25 09:59:50 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-23 20:58:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\K-Meleon
2008-05-23 20:56:48 0 d-------- C:\WINDOWS\ERUNT
2008-05-23 16:43:53 0 d-------- C:\Documents and Settings\igajon\Application Data\?ymantec
2008-05-22 09:07:45 0 d-------- C:\Documents and Settings\igajon\Application Data\M?crosoft.NET
2008-05-21 09:27:22 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-21 09:27:22 0 d-------- C:\Documents and Settings\igajon\Application Data\MegauploadToolbar
2008-05-20 23:02:19 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-05-17 10:34:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-05-16 21:33:32 0 d-------- C:\Documents and Settings\igajon\Application Data\Move Networks
2008-05-16 15:51:37 528 --a------ C:\WINDOWS\eReg.dat
2008-05-15 14:45:22 0 d-------- C:\Program Files\iPod
2008-05-15 14:45:12 0 d-------- C:\Program Files\iTunes
2008-05-15 14:41:46 0 d-------- C:\Program Files\QuickTime
2008-05-13 17:21:10 0 d-------- C:\Program Files\Freecorder
2008-05-13 17:18:24 0 d-------- C:\WINDOWS\Freecorder Toolbar
2008-05-13 17:18:23 0 d-------- C:\Program Files\Freecorder Toolbar
2008-05-11 17:37:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 17:34:49 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-11 17:15:57 0 d-------- C:\Program Files\Bonjour
2008-05-11 17:07:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-11 00:28:27 0 d-------- C:\Program Files\Registry Workshop


-- Find3M Report ---------------------------------------------------------------

2008-06-11 15:54:39 0 d-------- C:\Documents and Settings\igajon\Application Data\Skype
2008-06-11 15:41:51 0 d-------- C:\Documents and Settings\igajon\Application Data\skypePM
2008-06-11 09:50:46 0 d-------- C:\Documents and Settings\igajon\Application Data\OpenOffice.org2
2008-06-10 22:19:22 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-10 21:37:34 0 d-------- C:\Documents and Settings\igajon\Application Data\M?crosoft.NET
2008-06-03 04:44:39 0 d-------- C:\Program Files\Hotspot Shield
2008-06-01 15:00:07 0 d-------- C:\Program Files\Common Files
2008-05-28 11:02:25 0 d-------- C:\Program Files\Digsby
2008-05-23 16:43:53 0 d-------- C:\Documents and Settings\igajon\Application Data\?ymantec
2008-05-19 13:10:50 0 d-------- C:\Documents and Settings\igajon\Application Data\Adobe
2008-05-11 17:27:15 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-10 23:55:38 0 d-------- C:\Documents and Settings\igajon\Application Data\VMware
2008-05-10 23:54:27 181303 --ahs---- C:\WINDOWS\system32\hkUxaGgh.ini2
2008-05-10 01:35:14 0 d-------- C:\Program Files\K-Meleon
2008-05-10 01:13:31 0 d-------- C:\Program Files\RocketDock
2008-05-09 22:44:30 0 d-------- C:\Program Files\Microsoft Virtual PC
2008-05-08 16:59:58 0 d-------- C:\Program Files\AIMTunes
2008-05-08 15:56:30 0 d-------- C:\Program Files\Movie Maker
2008-05-08 15:48:48 0 d-------- C:\Program Files\StartMenuEx
2008-05-08 15:21:15 296 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-08 15:21:12 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-08 15:21:12 42434 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-05-08 05:46:32 0 d-------- C:\Program Files\BitComet
2008-05-07 21:56:58 0 d-------- C:\Documents and Settings\igajon\Application Data\AD ON Multimedia
2008-05-07 21:56:57 6226 --a------ C:\WINDOWS\unins000.dat
2008-05-07 21:56:29 683801 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2008-05-04 16:30:24 0 d-------- C:\Program Files\Aston2 Menu
2008-05-04 16:30:06 0 d-------- C:\Program Files\Azureus
2008-05-04 16:26:24 0 d-------- C:\Documents and Settings\igajon\Application Data\Aston
2008-05-04 16:26:22 0 --a------ C:\Program Files\AstonWriteTest.txt
2008-05-04 12:46:57 0 d-------- C:\Documents and Settings\igajon\Application Data\ReactOS
2008-05-04 00:35:17 0 d-------- C:\Documents and Settings\igajon\Application Data\Hamachi
2008-05-04 00:27:51 10896 --a------ C:\WINDOWS\mozver.dat
2008-05-04 00:09:02 32 --a------ C:\WINDOWS\go
2008-05-04 00:01:18 0 d-------- C:\Documents and Settings\igajon\Application Data\Azureus
2008-05-03 20:33:15 0 d-------- C:\Program Files\iPig
2008-04-25 13:21:41 0 d-------- C:\Documents and Settings\igajon\Application Data\Flock
2008-04-24 22:17:58 0 d-------- C:\Documents and Settings\igajon\Application Data\Mozilla
2008-04-24 17:19:03 335 --a------ C:\WINDOWS\nsreg.dat
2008-04-24 17:18:52 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-04-24 17:18:41 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-04-24 17:18:29 0 d-------- C:\Program Files\mozilla.org
2008-04-21 08:17:34 0 d-------- C:\Documents and Settings\igajon\Application Data\Canon
2008-04-19 18:51:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-19 18:49:18 0 d-------- C:\Program Files\Opera
2008-04-19 00:27:59 0 d-------- C:\Documents and Settings\igajon\Application Data\Opera
2008-04-11 07:02:56 0 d-------- C:\Program Files\Canon
2008-04-11 06:58:36 0 d-------- C:\Documents and Settings\igajon\Application Data\ScanSoft
2008-04-11 06:58:30 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-11 06:58:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-11 06:58:05 0 d-------- C:\Program Files\ScanSoft
2008-04-11 06:57:05 0 d-------- C:\Program Files\Common Files\CANON
2008-04-11 06:54:51 0 d--h----- C:\Program Files\CanonBJ
2008-03-20 20:23:01 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-03-20 20:23:01 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-20 12:23:38 4096 --a------ C:\WINDOWS\d3dx.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 01:48 PM]
"Resume copy"="copyfstq.exe" [03/24/2002 01:54 PM C:\WINDOWS\COPYFSTQ.EXE]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 09:48 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 06:41 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 11:22 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 06:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/10/2008 09:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 PM]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [11/14/2007 12:54 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]

C:\Documents and Settings\igajon\Start Menu\Programs\Startup\
K-Meleon Loader.lnk - D:\k-meleon\loader.exe [4/16/2007 2:41:00 AM]
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [5/9/2008 12:50:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableRegistryTools "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogOff"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaxUkh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^igajon^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\igajon\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTV Agent]
D:\Jon\Desktop\notes\AlterNet Chomsky The Assault on Democracy_files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Organizer]
"C:\Program Files\Organizer\Organizer.exe" t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPNClient]
C:\Program Files\iPig\Client\ipigclient.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-11 18:13:54 ------------
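Added example, not part of the thread and not a DSS feature: a small Python triage over the Registry Dump section of the log above. It parses the dump's `[key]` / `"name"=value` format and flags the entries a malware-removal helper reads first: the extra entry beside msv1_0 in LSA "Authentication Packages", any Explorer or system policy set to a nonzero value, a populated AppInit_DLLs, a driver added under SafeBoot\Minimal, and a mountpoints2 AutoRun command. The sample text is copied from the dump above; the checks and their wording are the example's own.

```python
"""Triage checks over the Registry Dump section of a Deckard's System Scanner
(DSS) report.  Added example; the sample is copied from the log in this thread."""
import re

# Constructed sample: lines taken verbatim from the Registry Dump above.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaxUkh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel06.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autorun.exe
"""

# The stock Windows LSA authentication package; anything else deserves review.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def parse_dump(text):
    """Return {key_path: [(name, value), ...]} for a DSS-style registry dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        m = re.match(r'^"([^"]*)"\s*=\s*(.*)$', line)
        if m:
            keys[current].append((m.group(1).strip(), m.group(2).strip()))
        elif line.startswith("@="):
            keys[current].append(("@", line[2:].strip()))
        else:
            # DSS prints mountpoints2 entries as "AutoRun\command- X:\file.exe".
            name, sep, value = line.partition("- ")
            keys[current].append((name.strip(), value.strip()) if sep else (line, ""))
    return keys


def triage(keys):
    """Return (key, name, value, reason) tuples worth a closer look."""
    findings = []
    for path, entries in keys.items():
        low = path.lower()
        for name, value in entries:
            if low.endswith("\\control\\lsa") and name.lower() == "authentication packages":
                # Packages are space-separated here; DSS shows paths without spaces.
                for pkg in value.split():
                    if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                        findings.append((path, name, pkg, "non-default LSA authentication package"))
            elif "\\policies\\" in low and not value.startswith("0 "):
                findings.append((path, name, value, "restrictive Explorer/system policy enabled"))
            elif low.endswith("\\currentversion\\windows") and name.lower() == "appinit_dlls" and value:
                findings.append((path, name, value, "AppInit_DLLs loads into every GUI process; verify publisher"))
            elif "\\safeboot\\minimal\\" in low:
                findings.append((path, name, value, "driver added to the Safe Mode minimal set"))
            elif "\\mountpoints2\\" in low and name.lower().startswith("autorun"):
                findings.append((path, name, value, "removable-drive AutoRun command recorded"))
    return findings


if __name__ == "__main__":
    for path, name, value, why in triage(parse_dump(SAMPLE_DUMP)):
        print(f"{why}: [{path}] {name} = {value}")
```

Flagged items are review prompts, not verdicts: avgrsstx.dll here belongs to the AVG install visible in the O23 services, while the unsigned hgGaxUkh beside msv1_0 is the entry to check first.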

#6
Ness

    Banned

  • 673 posts
Hello again lenglain

That's why it says "Explorer1.exe"

Yea, I was worried about that.

UPDATE: With Sdfix, RegRun and AVG

Well that basically fixed everything I was about to help you with :)

1. Update Java
------------------------------------------------


Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

2. Clean Temporary Files
------------------------------------------------


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Kaspersky Online Scan
------------------------------------------------


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next post
------------------------------------------------

  • Kaspersky Log
