Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo, Lowzones and Metajuan [RESOLVED]

Started by Ojrules , Jun 11 2008 05:41 AM

  • This topic is locked This topic is locked

#1
Ojrules
Posted 11 June 2008 - 05:41 AM

Ojrules

    Member

  • Member
  • PipPip
  • 11 posts
Hello,

I first detected the Trojan.Vundo virus when my symantec auto protect came up. Also Spybot teatimer was constantly popping up with various registry keys wanting to be changed. (denied them all). Next I attempted to use Vundofix to no avail. Following I used Virtumondo be gone. This hasnt worked either. At current moment my Auto protect is filled with Lowzones, Metajuan and Vundo.

Then I discovered these forums and followed you Malware removal guide.

VBG - Log below

[06/10/2008, 13:00:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\owen\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 13:00:23] - Detected System Information:
[06/10/2008, 13:00:23] - Windows Version: 5.0.2195, Service Pack 4
[06/10/2008, 13:00:23] - Current Username: owen (Admin)
[06/10/2008, 13:00:23] - Windows is in SAFE mode.
[06/10/2008, 13:00:23] - Searching for Browser Helper Objects:
[06/10/2008, 13:00:23] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:00:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:00:23] - BHO 3: {21C63899-6532-40D7-8379-7ED788B98D28} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\efcYOfCv
[06/10/2008, 13:00:23] - Found: HKLM\...\Winlogon\Notify\efcYOfCv - This is probably Virtumundo.
[06/10/2008, 13:00:23] - Assigning {21C63899-6532-40D7-8379-7ED788B98D28} MSEvents Object
[06/10/2008, 13:00:23] - BHO list has been changed! Starting over...
[06/10/2008, 13:00:23] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:00:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:00:23] - BHO 3: {21C63899-6532-40D7-8379-7ED788B98D28} (MSEvents Object)
[06/10/2008, 13:00:23] - ALERT: Found MSEvents Object!
[06/10/2008, 13:00:23] - BHO 4: {21c7c7ae-4908-4de8-aec2-9451e93c8c93} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\hcwukfdw
[06/10/2008, 13:00:23] - Key not found: HKLM\...\Winlogon\Notify\hcwukfdw, continuing.
[06/10/2008, 13:00:23] - BHO 5: {23465A85-14BF-4765-A127-4C3FBC0776B0} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:00:23] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:00:23] - BHO 6: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:00:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:23] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:00:23] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:00:23] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:00:23] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:00:23] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:00:23] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:00:23] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:00:23] - Finished Searching Browser Helper Objects
[06/10/2008, 13:00:23] - *** Detected MSEvents Object
[06/10/2008, 13:00:23] - Trying to remove MSEvents Object...
[06/10/2008, 13:00:24] - Terminating Process: IEXPLORE.EXE
[06/10/2008, 13:00:24] - Terminating Process: RUNDLL32.EXE
[06/10/2008, 13:00:24] - Disabling Automatic Shell Restart
[06/10/2008, 13:00:24] - Terminating Process: EXPLORER.EXE
[06/10/2008, 13:00:25] - Suspending the NT Session Manager System Service
[06/10/2008, 13:00:25] - Terminating Windows NT Logon/Logoff Manager
[06/10/2008, 13:00:25] - Re-enabling Automatic Shell Restart
[06/10/2008, 13:00:25] - File to disable: C:\WINNT\system32\efcYOfCv.dll
[06/10/2008, 13:00:25] - Renaming C:\WINNT\system32\efcYOfCv.dll -> C:\WINNT\system32\efcYOfCv.dll.vir
[06/10/2008, 13:00:25] - File successfully renamed!
[06/10/2008, 13:00:25] - Removing HKLM\...\Browser Helper Objects\{21C63899-6532-40D7-8379-7ED788B98D28}
[06/10/2008, 13:00:25] - Removing HKCR\CLSID\{21C63899-6532-40D7-8379-7ED788B98D28}
[06/10/2008, 13:00:25] - Adding Kill Bit for ActiveX for GUID: {21C63899-6532-40D7-8379-7ED788B98D28}
[06/10/2008, 13:00:25] - Deleting ATLEvents/MSEvents Registry entries
[06/10/2008, 13:00:25] - Removing HKLM\...\Winlogon\Notify\efcYOfCv
[06/10/2008, 13:00:25] - Searching for Browser Helper Objects:
[06/10/2008, 13:00:25] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:00:25] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:00:25] - BHO 3: {21c7c7ae-4908-4de8-aec2-9451e93c8c93} ()
[06/10/2008, 13:00:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:25] - Checking for HKLM\...\Winlogon\Notify\hcwukfdw
[06/10/2008, 13:00:25] - Key not found: HKLM\...\Winlogon\Notify\hcwukfdw, continuing.
[06/10/2008, 13:00:25] - BHO 4: {23465A85-14BF-4765-A127-4C3FBC0776B0} ()
[06/10/2008, 13:00:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:25] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:00:25] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:00:25] - BHO 5: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:00:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:00:25] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:00:25] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:00:25] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:00:25] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:00:25] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:00:25] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:00:25] - BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:00:25] - Finished Searching Browser Helper Objects
[06/10/2008, 13:00:25] - Finishing up...
[06/10/2008, 13:00:25] - A restart is needed.
[06/10/2008, 13:00:40] - Attempting to Restart via STOP error (Blue Screen!)

[06/10/2008, 13:06:26] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\owen\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 13:06:28] - Detected System Information:
[06/10/2008, 13:06:28] - Windows Version: 5.0.2195, Service Pack 4
[06/10/2008, 13:06:28] - Current Username: owen (Admin)
[06/10/2008, 13:06:28] - Windows is in SAFE mode.
[06/10/2008, 13:06:28] - Searching for Browser Helper Objects:
[06/10/2008, 13:06:28] - BHO 1: {0194174F-9183-43C6-8101-2EB80D1CB60B} ()
[06/10/2008, 13:06:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:28] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:06:28] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:06:28] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:06:28] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:06:28] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:06:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:28] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:06:28] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:06:28] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:06:28] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:06:28] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:06:28] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:06:28] - BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:06:28] - BHO 10: {fc8011a2-cf0e-4533-9924-08a2a7544ccc} ()
[06/10/2008, 13:06:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:28] - Checking for HKLM\...\Winlogon\Notify\dybfljrn
[06/10/2008, 13:06:28] - Key not found: HKLM\...\Winlogon\Notify\dybfljrn, continuing.
[06/10/2008, 13:06:28] - Finished Searching Browser Helper Objects
[06/10/2008, 13:06:28] - Finishing up...
[06/10/2008, 13:06:28] - Nothing found! Exiting...

[06/10/2008, 13:06:56] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\owen\Desktop\VirtumundoBeGone.exe" )
[06/10/2008, 13:06:57] - Detected System Information:
[06/10/2008, 13:06:57] - Windows Version: 5.0.2195, Service Pack 4
[06/10/2008, 13:06:57] - Current Username: owen (Admin)
[06/10/2008, 13:06:57] - Windows is in SAFE mode.
[06/10/2008, 13:06:57] - Searching for Browser Helper Objects:
[06/10/2008, 13:06:57] - BHO 1: {0194174F-9183-43C6-8101-2EB80D1CB60B} ()
[06/10/2008, 13:06:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:57] - Checking for HKLM\...\Winlogon\Notify\qoMcawtt
[06/10/2008, 13:06:57] - Key not found: HKLM\...\Winlogon\Notify\qoMcawtt, continuing.
[06/10/2008, 13:06:57] - BHO 2: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[06/10/2008, 13:06:57] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/10/2008, 13:06:57] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[06/10/2008, 13:06:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:57] - Checking for HKLM\...\Winlogon\Notify\qalckcux
[06/10/2008, 13:06:57] - Key not found: HKLM\...\Winlogon\Notify\qalckcux, continuing.
[06/10/2008, 13:06:57] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/10/2008, 13:06:57] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 13:06:57] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/10/2008, 13:06:57] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/10/2008, 13:06:57] - BHO 9: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[06/10/2008, 13:06:57] - BHO 10: {fc8011a2-cf0e-4533-9924-08a2a7544ccc} ()
[06/10/2008, 13:06:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 13:06:57] - Checking for HKLM\...\Winlogon\Notify\dybfljrn
[06/10/2008, 13:06:57] - Key not found: HKLM\...\Winlogon\Notify\dybfljrn, continuing.
[06/10/2008, 13:06:57] - Finished Searching Browser Helper Objects
[06/10/2008, 13:06:57] - Finishing up...
[06/10/2008, 13:06:57] - Nothing found! Exiting...


ATF - Done
Malware Bytes - Done - Log below

Malwarebytes' Anti-Malware 1.16
Database version: 845

14:00:47 10/06/2008
mbam-log-6-10-2008 (14-00-47).txt

Scan type: Quick Scan
Objects scanned: 41362
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\system32\qoMcawtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\ttwacMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.


Superantispyware - Done - Log below

SUPERAntiSpyware Scan Log
Generated 06/10/2008 at 03:08 PM

Application Version : 3.6.1000

Core Rules Database Version : 3478
Trace Rules Database Version: 1469

Scan type : Complete Scan
Total Scan Time : 01:04:34

Memory items scanned : 455
Memory threats detected : 0
Registry items scanned : 6061
Registry threats detected : 0
File items scanned : 41972
File threats detected : 4

Adware.AdRotator/AdsSite
C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS\NSBROWSEROPT.DLL
C:\WINNT\SYSTEM32\ADSSITE-REMOVE.EXE

Adware.Vundo Variant
C:\WINNT\SYSTEM32\JKBNHUFN.DLL

Adware.AdRotator/SuperiorAds
C:\WINNT\SYSTEM32\SUPERIORADS-UNINST.EXE


Panda activescan didn't really work for me. It found lots but for free would only delete one thing. And I couldnt find a link the the log. Sorry.

Finally my hijack this Log and Uninstall list.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:55, on 11/06/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\system32\VNICMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\owen\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {ccc4457a-2a80-4299-3354-e0fc2a1108cf} - {fc8011a2-cf0e-4533-9924-08a2a7544ccc} - C:\WINNT\system32\dybfljrn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179862530895
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe

--
End of file - 10245 bytes


Uninstall list

Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 6.0.1
Adobe Shockwave Player 11
Apple Software Update
ArchAngel
ASIO4ALL
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.4
AVIedit 3.38
AviTricks Classic version 1.65
Battlefield 2™
Broadband Help
BroadJump Client Foundation
Browser Optimizer Dcads
Browser Optimizer Superiorads
Bulent's Screen Recorder
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Dcads Games Collection
Digimax Master
Disc2Phone
Disney Pirates of the Caribbean Online
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
D-Link VGA Webcam
Drift City
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX4000_4050_CX3900
Far Cry
Firefox Preloader
FL Studio 7
Flash Saving Plugin
Free Audio Dub version 1.3
Free iPod Video Converter 1.34
Free Video to iPod Converter version 2.5
Free YouTube Download 2.1
Free YouTube to iPod Converter version 2.8
Free YouTube to Mp3 Converter version 2.5
FreeStyle Street Basketball™
Game Cam v1.4
Google Earth
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Grand Prix Championship 2
Grand Theft Auto
Half-Life® 2
Halo Server
HammerHead Rhythm Station
Handbrake 2.4.1
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB927779)
ijji - Gunz
ijji Auto Installer
IL Download Manager
Internet Explorer Q903235
IrfanView (remove only)
iTunes
Jahshaka
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Kate's Video Cutter 2.8.4
KB Piano v.2.2.4
KhalSetup
KRISTAL Audio Engine
LEGO Digital Designer
LimeWire 4.14.10
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Macromedia Flash MX 2004
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Internet Explorer 6 SP1
Microsoft Office Converter Pack
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MidiMeow 1.03 v2
MIKSOFT Mobile 3GP converter
mIRC
MixVibes STANDARD 6 uninstall
Mozilla Firefox (2.0.0.14)
Mozilla Thunderbird (2.0.0.12)
MS Access 97 SP2
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
msxml4
MTV's Virtual Worlds (remove only)
MUSIC PLAYER
Nero Suite
Notation Musician 2.4.2 (Trial Version)
OpenLibraries
OpenMG Limited Patch 3.3-03-09-03-01
OpenMG Secure Module 3.3.01
Opera 9.21
Opera 9.22
Opera 9.23
Ots CD Scratch 1200 1.00.044
Panda ActiveScan 2.0
Pcsx2 0.9.2 Watermoose
Photo Gadget Viewer
PIF DESIGNER
Pivot Stickfigure Animator
QuickTime
Ralink Wireless LAN Card
RealPlayer
RGSS-RTP Standard
Rightonadz Browser Optimizer
RPGXP
S500/S600 USB Driver
SCAR Divi CDE 3.12c
Security Update for DirectX 9 (KB941568)
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Shockwave
SimCity 3000 UK Edition
SolveigMM AVI Trimmer
Sony ACID XPress 5.0a
Sony Ericsson PC Suite
Spybot - Search & Destroy
Star Wars JK II Jedi Outcast
Steam™
Stop Motion Animator 1.1.XP
SUPERAntiSpyware Free Edition
Symantec Client Security
t@b ZS4 Video Editor v0.958-686
Tablet
TeamSpeak 2 RC2
Transport Tycoon Deluxe
Trillian
UniDream PowerBatch
Uninstall 1.0.0.0
Update Rollup 1 for Windows 2000 SP4
VIA Audio Driver Setup Program
VIA NIC ControlSet
VIA Rhine-Family Fast Ethernet Adapter
Virtual DJ - Atomix Productions
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937143
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB939653
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB942615
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB944533
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
Xfire (remove only)
Yahoo! Messenger
Yahoo! Toolbar
ZoneAlarm



Ok. This computer is used by the whole family. Two sons let fairly loose. Any advice or help would be greatly appreciated. Thankyou in advance.

Owen
  • 0

Advertisements

#2
Mike
Posted 14 June 2008 - 06:05 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there sorry for the delay :)

We get tons of logs each day and some inevitably slip through the cracks.

Since it has been a few days I would like to get a fresh log from you.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.
  • 0

#3
Ojrules
Posted 14 June 2008 - 06:11 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Its fine =]

Thanks.

Heres main.txt

Deckard's System Scanner v20071014.68
Run by owen on 2008-06-14 13:12:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as owen.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:36, on 14/06/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\system32\VNICMon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\owen\Desktop\dss.exe
C:\DOCUME~1\owen\Desktop\owen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179862530895
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe

--
End of file - 9860 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\WINNT\system32\WScript.exe,3
.js - JSFile - shell\open\command - C:\WINNT\system32\WScript.exe "%1" %*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - DefaultIcon - C:\WINNT\system32\WScript.exe,2
.vbs - VBSFile - shell\open\command - C:\WINNT\system32\WScript.exe "%1" %*
.vbs - VBSFile - shell\edit\command - C:\WINNT\system32\Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\winnt\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\winnt\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\winnt\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 VIAPFD - c:\winnt\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\winnt\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 LBeepKE - c:\winnt\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 STEC3 - c:\winnt\system32\stec3.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - c:\winnt\system32\drivers\bvrpmpr5.sys <Not Verified; BVRP Software; BVRPNDIS Rawether for Windows>
S3 jatmlano - c:\docume~1\owen\locals~1\temp\jatmlano.sys (file missing)
S3 ovt519 (EyeToy) - c:\winnt\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ISSVC (IS Service) - c:\program files\symantec client security\symantec client firewall\issvc.exe

S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 11:43:05 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-13 19:22:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3ec.dat
2008-06-12 18:43:11 0 d-------- C:\Program Files\wolf
2008-06-10 14:32:44 0 d-------- C:\Program Files\Panda Security
2008-06-10 14:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-10 14:01:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-10 14:01:27 0 d-------- C:\Documents and Settings\owen\Application Data\SUPERAntiSpyware.com
2008-06-10 14:01:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 13:46:40 743790 ---h----- C:\WINNT\ShellIconCache
2008-06-10 13:21:57 0 d-------- C:\Documents and Settings\owen\Application Data\Malwarebytes
2008-06-10 13:21:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 13:21:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 12:53:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_248.dat
2008-06-10 12:33:43 0 d-------- C:\HJT
2008-06-10 12:18:54 0 d-------- C:\Program Files\Trend Micro
2008-05-30 10:09:22 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_434.dat
2008-05-22 14:13:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_430.dat
2008-05-19 09:47:29 124928 --a------ C:\WINNT\system32\xvjojwyy.dll
2008-05-19 09:30:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_400.dat
2008-05-18 12:26:22 24576 --a------ C:\WINNT\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-05-18 11:54:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_46c.dat
2008-05-18 09:44:27 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_42c.dat
2008-05-15 18:38:25 133120 --a------ C:\WINNT\system32\ppbmpsci.dll
2008-05-15 18:31:26 125952 --a------ C:\WINNT\system32\ivsuajeu.dll
2008-05-15 18:20:13 885239 --ahs---- C:\WINNT\system32\UENTwyxx.ini2
2008-05-15 17:26:50 133120 --a------ C:\WINNT\system32\sfikpdmd.dll
2008-05-15 17:24:56 125952 --a------ C:\WINNT\system32\bmqbushi.dll
2008-05-14 19:42:07 0 d-------- C:\VundoFix Backups
2008-05-14 19:33:13 625843 --ahs---- C:\WINNT\system32\Xyaaayxx.ini2


-- Find3M Report ---------------------------------------------------------------

2008-06-13 23:50:57 40 --a------ C:\WINNT\system32\profile.dat
2008-06-11 11:26:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-10 14:32:39 0 d-------- C:\Program Files\Steam
2008-06-10 14:01:07 0 d-a------ C:\Program Files\Common Files
2008-06-10 13:21:38 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-19 10:00:25 21848 --a------ C:\Documents and Settings\owen\Application Data\GDIPFONTCACHEV1.DAT
2008-05-18 09:44:10 772433 --ahs---- C:\WINNT\system32\PpYcdccf.ini2
2008-05-12 20:27:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3f4.dat
2008-05-11 20:33:18 0 d-------- C:\Program Files\Notation
2008-05-11 20:31:08 0 d-------- C:\Documents and Settings\owen\Application Data\uTorrent
2008-05-10 15:39:06 0 d-------- C:\Program Files\VirtualDJ
2008-05-09 17:15:24 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 17:15:16 0 d-------- C:\Program Files\Common Files\Real
2008-05-07 16:48:18 0 d-------- C:\Program Files\Rockstar Games
2008-05-07 16:48:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 21:28:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2e8.dat
2008-05-04 18:24:49 0 d-------- C:\Documents and Settings\owen\Application Data\Google
2008-05-04 18:24:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3e4.dat
2008-04-29 23:49:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_57c.dat
2008-04-28 22:02:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_a50.dat
2008-04-24 18:41:06 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-04-24 18:41:04 0 d-------- C:\Program Files\Sony
2008-04-20 19:57:55 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-20 19:09:49 0 d-------- C:\Program Files\Java
2008-04-19 13:38:49 0 d-------- C:\Program Files\Firefox
2008-04-19 12:57:04 0 d---s---- C:\Program Files\Xfire
2008-04-15 16:19:19 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-15 16:19:07 0 d-------- C:\Program Files\DVDVideoSoft
2008-04-14 17:38:56 0 d-------- C:\Documents and Settings\owen\Application Data\Xfire
2008-04-13 15:43:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_438.dat
2008-04-08 14:59:50 4212 --ah----- C:\WINNT\system32\zllictbl.dat
2008-03-30 23:40:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3cc.dat
2008-03-22 10:11:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_464.dat
2008-03-15 20:43:12 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_448.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19/06/03 20:05 C:\WINNT\system32\mobsync.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [28/10/03 21:10 ]
"LoadQM"="loadqm.exe" [03/05/00 17:23 C:\WINNT\loadqm.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09/07/01 11:50 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/07 09:41 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [27/04/07 11:25 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/03/06 17:14 ]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [15/06/06 01:40 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/07 04:00 ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [24/11/06 01:06 ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/03 17:16 ]
"NIC Monitor"="VNICMon.exe" [30/05/02 21:31 C:\WINNT\system32\VNICMon.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/08 23:11 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [07/12/99 13:00 C:\WINNT\system32\internat.exe]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [04/09/07 16:40 ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/06/07 11:37 ]
"Steam"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [14/06/08 12:37 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [25/05/2007 18:25:33]
Firefox Preloader.lnk - C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe [19/04/2008 13:38:49]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [15/03/2008 06:53:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [19/05/2007 22:56:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [14/06/08 12:37 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 14/06/08 12:37 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

6360 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-14 13:15:17 ------------


  • 0

#4
Ojrules
Posted 14 June 2008 - 06:12 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Heres extra.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1023.48 MiB / 442.35 MiB
Pagefile Memory (total/avail): 2457.52 MiB / 1923.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1958.85 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 16.81 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 4.86 GiB total, 0 GiB free.
G: is Fixed (NTFS) - 2.98 GiB total, 0 GiB free.

\\.\PHYSICALDRIVE0 - ST380021A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - ST38410A - 7.87 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 4.86 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 2.98 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\owen\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTERSAYSNO
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\owen
LOGONSERVER=\\COMPUTERSAYSNO
MLT_REPOSITORY=C:\Program Files\Jahshaka\..\mlt\share\mlt\modules
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Jahshaka\..\gtk2\bin;C:\Program Files\Jahshaka\..\mlt\bin;C:\Program Files\OpenLibraries\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=C:\Program Files\OpenLibraries\python
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\owen\LOCALS~1\Temp
TMP=C:\DOCUME~1\owen\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=COMPUTERSAYSNO
USERNAME=owen
USERPROFILE=C:\Documents and Settings\owen
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

julie (admin)
owen (admin)
fraser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11 --> C:\WINNT\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArchAngel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D3A3F3F-8A37-4BDC-B3AE-72FC99D9C316}\setup.exe" -l0x9
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
AVIedit 3.38 --> C:\Documents and Settings\fraser\My Documents\Frasers files\Private\Programs\UnGins.exe "C:\Documents and Settings\fraser\My Documents\Frasers files\Private\Programs\install.log"
AviTricks Classic version 1.65 --> "C:\Program Files\Bobyte\AviTricks Classic\unins000.exe"
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Broadband Help --> MsiExec.exe /I{01B6480D-3937-4E82-AB2C-8E4C591BEFE5}
BroadJump Client Foundation --> C:\WINNT\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Browser Optimizer Dcads --> C:\WINNT\system32\dcads-remove.exe
Bulent's Screen Recorder --> C:\Program Files\Screen Recorder\Uninstall BSR.exe
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
D-Link VGA Webcam --> C:\WINNT\CleanDev.exe C:\WINNT\ov519.TXT
Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drift City --> "F:\driftcity\uninstall.exe"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESDX4000_4050_CX3900 --> C:\Program Files\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE
Fake Webcam 3.9.0 --> "F:\Random\Fake Webcam\unins000.exe"
Firefox Preloader --> "C:\Program Files\Firefox\FirefoxPreloader\unins000.exe"
FL Studio 7 --> C:\Program Files\Fruityloops\uninstall.exe
Flash Saving Plugin --> "C:\Program Files\UnH Solutions\Flash Saving Plugin\unins000.exe"
Free Audio Dub version 1.3 --> "C:\Program Files\DVDVideoSoft\Free Audio Dub\unins000.exe"
Free iPod Video Converter 1.34 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
Free Video to iPod Converter version 2.5 --> "C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free YouTube Download 2.1 --> "C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to iPod Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 2.5 --> "C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FreeStyle Street Basketball™ --> C:\Program Files\InstallShield Installation Information\{E192E363-0D29-4D22-B034-F2E457CC0660}\setup.exe -runfromtemp -l0x0009 -removeonly
Game Cam v1.4 --> MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Grand Prix Championship 2 --> "C:\Program Files\Grand Prix Championship 2\uninstall.exe"
Grand Theft Auto --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Rockstar Games\Grand Theft Auto\Uninst.isu"
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Halo Server --> "C:\Program Files\Microsoft Games\Halo Server\UNINSTAL.EXE" /runtemp /addremove
HammerHead Rhythm Station --> C:\Program Files\HammerHead\Uninstall.exe
Handbrake 2.4.1 --> C:\Program Files\Handbrake\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji - Gunz --> C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Internet Explorer Q903235 --> C:\WINNT\ieuninst.exe C:\WINNT\INF\Q903235.inf
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
Jahshaka --> C:\Program Files\Jahshaka\uninst-jahshaka.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kate's Video Cutter 2.8.4 --> "C:\Program Files\Kate's Video Cutter\unins000.exe"
KB Piano v.2.2.4 --> C:\Program Files\KB Piano 2\uninstall.exe
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
KRISTAL Audio Engine --> C:\Program Files\Kreatives.org\KRISTAL Audio Engine\Uninstall.exe
LEGO Digital Designer --> C:\Program Files\LEGO Company\LEGO Digital Designer\Uninstall.exe
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Halo --> "F:\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Halo Custom Edition --> "F:\Halo CE\Uninstal.exe" /runtemp /addremove
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MidiMeow 1.03 v2 --> "F:\midimeow\MidiMeow\unins000.exe"
MIKSOFT Mobile 3GP converter --> "C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MixVibes STANDARD 6 uninstall --> C:\Program Files\MixVibes6\uninstall.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.12) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
msxml4 --> MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
MTV's Virtual Worlds (remove only) --> "C:\Program Files\Virtual Laguna Beach\VLBClientUninst.exe"
MUSIC PLAYER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9887D344-9F27-40BA-8D07-08ECCB96D924}\Setup.exe" -l0x9 UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
Notation Musician 2.4.2 (Trial Version) --> C:\Program Files\Notation\Uninst_Notation Musician 2.4.2 (Trial Version).exe /U "C:\Program Files\Notation\Uninst_Notation Musician 2.4.2 (Trial Version).log"
OpenLibraries --> C:\Program Files\OpenLibraries\uninst-openlibraries.exe
OpenMG Limited Patch 3.3-03-09-03-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.3-03-09-03-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.3.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}\Setup.exe" -l0x9 UNINSTALL
Opera 9.21 --> MsiExec.exe /X{AF599832-2305-4922-9342-6FF48894E384}
Opera 9.22 --> MsiExec.exe /X{7AF56274-3D8C-4CCE-AD7A-25FD4D27B9F3}
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Ots CD Scratch 1200 1.00.044 --> "C:\WINNT\OTS_UI.EXE" "C:\OtsLabs\OtsCDS.osi"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pcsx2 0.9.2 Watermoose --> "C:\Program Files\Pcsx2\unins000.exe"
Photo Gadget Viewer --> "C:\Program Files\XemiComputers\Photo Gadget Viewer\unins000.exe"
PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Rightonadz Browser Optimizer --> C:\WINNT\system32\gzmrot-uninst.exe
RPGXP --> MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
S500/S600 USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{514DF7BB-D192-417C-BB60-58BF1FD34253}\Setup.exe" anything
SCAR Divi CDE 3.12c --> "C:\Program Files\SCAR 3.12\unins000.exe"
Security Update for DirectX 9 (KB941568) --> "C:\WINNT\$NtUninstallKB941568_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB904706) --> "C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\INSTALL.LOG
SimCity 3000 UK Edition --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000 UK Edition\DeIsL1.isu" -c"C:\Program Files\Maxis\SimCity 3000 UK Edition\_UnInstall.dll"
SolveigMM AVI Trimmer --> "C:\Program Files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe" "C:\Program Files\Solveig Multimedia\SolveigMM AVI Trimmer\install.log" -u
Sony ACID XPress 5.0a --> MsiExec.exe /X{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars JK II Jedi Outcast --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stop Motion Animator 1.1.XP --> "C:\Program Files\Stop Motion Animator\setup\setup.exe" /u
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Client Security --> MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
t@b ZS4 Video Editor v0.958-686 --> "C:\Program Files\t@b\unins000.exe"
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Transport Tycoon Deluxe --> C:\WINNT\UniFISH.exe Transport Tycoon Deluxe
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
UniDream PowerBatch --> "C:\Program Files\UniDream PowerBatch\unins000.exe"
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINNT\IsUninst.exe -f"C:\PROGRA~1\VIAAUD~1/Uninst.isu"
VIA NIC ControlSet --> C:\WINNT\IsUninst.exe -f"C:\Program Files\VIA\NIC ControlSet\Uninst_VNIC.isu" -c"C:\Program Files\VIA\NIC ControlSet\VNICu.dll"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> F:\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2378 / Error
Event Submitted/Written: 06/11/2008 00:18:55 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Trojan.LowZones in File: C:\WINNT\system32\sraitjdq.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type2377 / Error
Event Submitted/Written: 06/11/2008 00:18:55 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.LowZones in File: C:\WINNT\system32\sraitjdq.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type2376 / Error
Event Submitted/Written: 06/11/2008 00:18:21 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.LowZones in File: C:\WINNT\system32\oysavfdm.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type2375 / Error
Event Submitted/Written: 06/11/2008 00:18:21 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Risk Found!Risk: Trojan.LowZones in File: C:\WINNT\system32\oysavfdm.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type2374 / Error
Event Submitted/Written: 06/11/2008 00:18:21 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Risk: Trojan.LowZones in File: C:\WINNT\system32\oysavfdm.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13876 / Warning
Event Submitted/Written: 06/14/2008 00:35:37 PM
Event ID/Source: 2013 / Srv
Event Description:
The G: disk is at or near capacity. You may need to delete some files.

Event Record #/Type13875 / Warning
Event Submitted/Written: 06/14/2008 00:35:37 PM
Event ID/Source: 2013 / Srv
Event Description:
The F: disk is at or near capacity. You may need to delete some files.

Event Record #/Type13874 / Error
Event Submitted/Written: 06/14/2008 00:30:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The TrueVector Internet Monitor service failed to start due to the following error:
%%1053

Event Record #/Type13873 / Error
Event Submitted/Written: 06/14/2008 00:30:13 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.

Event Record #/Type13870 / Warning
Event Submitted/Written: 06/14/2008 00:29:20 PM / 06/14/2008 00:29:50 PM
Event ID/Source: 1005 / SAVRT
Event Description:
Auto-Protect could not scan file C:\WINNT\System32\ati3duag.dll for viruses due to low kernel stack.



-- End of Deckard's System Scanner: finished at 2008-06-14 13:15:17 ------------


  • 0

#5
Ojrules
Posted 14 June 2008 - 06:19 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Im terribly sorry but im off to work now. Ill be back at 7:30 so please dont close the topic =]

Thanks in advance.

Owen
  • 0

#6
Mike
Posted 14 June 2008 - 10:23 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

You won't get rid of me so fast :) I only close a thread after 10 days of inactivity so no worries there, we all know life comes first.

Please follow my instructions in the order they were given, if you come across something you don't understand or don't feel comfortable doing, don't hesitate to ask and I will get you sorted out :)
If you cannot complete a step in my instructions, please skip it and continue with the rest of my instructions and tell me in your next reply which one you were having trouble with.

You currentely have two firewalls running, ZoneAlarm and Symantec. I will need you to uninstall one of them as having more than one can actually lower your security and seriously slow down your computer.

If you choose to remove Symantec be aware that you will need to install another AntiVirus. I recommend the free AntiVir.

Step 1. Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Step 2. Running OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [Kill Explorer]
C:\WINNT\system32\xvjojwyy.dll
C:\WINNT\system32\ppbmpsci.dll
C:\WINNT\system32\ivsuajeu.dll
C:\WINNT\system32\UENTwyxx.ini2
C:\WINNT\system32\sfikpdmd.dll
C:\WINNT\system32\bmqbushi.dll
C:\WINNT\system32\Xyaaayxx.ini2
C:\Documents and Settings\owen\Application Data\GDIPFONTCACHEV1.DAT
C:\WINNT\system32\PpYcdccf.ini2
HKLM\SYSTEM\CurrentControlSet\Services\jatmlano
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
HKEY_CLASSES_ROOT\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
EmptyTemp
[Start Explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 3. Running MalwareByte's Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 4. Running Kaspersky Online Virusscaner

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Re-run Deckards System Scanner as well and post back with Main.txt.


In your next reply

Please post the log from OTMoveIt2.
Please post the log from MBAM.
Please post the log from Kaspersky.
Also Main.txt from Deckards' System Scanner.

If the logs are to big to fit in one reply please spread them out over multiple replies.

Edited by Mike, 14 June 2008 - 10:23 AM.

  • 0

#7
Ojrules
Posted 15 June 2008 - 06:20 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok done them all. Just to say, the layout for Kaspersky isnt the same anymore. Theres no progress bar, next button or scan settings option to choose an extended scan. Thanks in advance.

OTmoveit2

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINNT\system32\xvjojwyy.dll
C:\WINNT\system32\xvjojwyy.dll NOT unregistered.
C:\WINNT\system32\xvjojwyy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\system32\ppbmpsci.dll
C:\WINNT\system32\ppbmpsci.dll NOT unregistered.
C:\WINNT\system32\ppbmpsci.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\system32\ivsuajeu.dll
C:\WINNT\system32\ivsuajeu.dll NOT unregistered.
C:\WINNT\system32\ivsuajeu.dll moved successfully.
C:\WINNT\system32\UENTwyxx.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\system32\sfikpdmd.dll
C:\WINNT\system32\sfikpdmd.dll NOT unregistered.
C:\WINNT\system32\sfikpdmd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINNT\system32\bmqbushi.dll
C:\WINNT\system32\bmqbushi.dll NOT unregistered.
C:\WINNT\system32\bmqbushi.dll moved successfully.
C:\WINNT\system32\Xyaaayxx.ini2 moved successfully.
C:\Documents and Settings\owen\Application Data\GDIPFONTCACHEV1.DAT moved successfully.
C:\WINNT\system32\PpYcdccf.ini2 moved successfully.
< HKLM\SYSTEM\CurrentControlSet\Services\jatmlano >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jatmlano\\ deleted successfully.
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} >
Registry key HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\\ deleted successfully.
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a} >
Registry key HKEY_CLASSES_ROOT\CLSID\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\\ not found.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_203224


Edited by Ojrules, 15 June 2008 - 06:23 AM.

  • 0

#8
Ojrules
Posted 15 June 2008 - 06:22 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
MBAM

Malwarebytes' Anti-Malware 1.16
Database version: 845

00:13:28 15/06/2008
mbam-log-6-15-2008 (00-13-25).txt

Scan type: Quick Scan
Objects scanned: 41356
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


  • 0

#9
Ojrules
Posted 15 June 2008 - 06:22 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 07:40:47
Records in database: 865912
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan statistics:
Files scanned: 125124
Threat name: 16
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 03:17:32


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03AC0000.VBN Infected: not-a-virus:AdWare.Win32.TrafficSol.o 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03AC0000.VBN Infected: not-a-virus:AdWare.Win32.BHO.adj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03AC0000.VBN Infected: not-a-virus:AdWare.Win32.BHO.ww 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05580000\47DBECDE.VBN Infected: Trojan-Downloader.SWF.Gida.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340000\4E7FAF40.VBN Infected: Trojan.Win32.LowZones.gb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340001\4E7FB20D.VBN Infected: Trojan.Win32.LowZones.gb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340002\4E7FB357.VBN Infected: Trojan.Win32.LowZones.gb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340003\4E7FB45C.VBN Infected: Trojan.Win32.LowZones.gb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340004\4E7FB47D.VBN Infected: Trojan.Win32.LowZones.gb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340005\4E7FB49F.VBN Infected: Trojan.Win32.LowZones.gb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340006\4E7FB4C0.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tbs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340007\4E7FB4E3.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tro 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340008\4E7FB51C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tro 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06340009\4E7FB53F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0634000A\4E7FB563.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.tro 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06700000\47F1CE41.VBN Infected: Trojan-Downloader.JS.Agent.bkr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06700001\47F1CEA9.VBN Infected: Trojan-Downloader.JS.Agent.bkq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000\4EA89D90.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\069C0000\4EBC6427.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.mju 1
C:\Documents and Settings\fraser\Local Settings\Temp\Rar$EX03.355\Keygen.exe Infected: Trojan.Win32.Zapchast.gb 1
C:\Documents and Settings\fraser\My Documents\Downloads\install_virtualdj_v5+Crack.zip Infected: Trojan.Win32.Zapchast.gb 1
C:\Documents and Settings\owen\Desktop\BRIEFSHIT\Crap video\mirc63.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
C:\WINNT\system32\efcYOfCv.dll.vir Infected: Trojan.Win32.Zapchast.gb 1
C:\_OTMoveIt\MovedFiles\06142008_203224\WINNT\system32\bmqbushi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp 1
C:\_OTMoveIt\MovedFiles\06142008_203224\WINNT\system32\ivsuajeu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rsp 1
C:\_OTMoveIt\MovedFiles\06142008_203224\WINNT\system32\ppbmpsci.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trg 1
C:\_OTMoveIt\MovedFiles\06142008_203224\WINNT\system32\sfikpdmd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trg 1
C:\_OTMoveIt\MovedFiles\06142008_203224\WINNT\system32\xvjojwyy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.srg 1

The selected area was scanned.


  • 0

#10
Ojrules
Posted 15 June 2008 - 06:23 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
dss

Deckard's System Scanner v20071014.68
Run by owen on 2008-06-15 13:26:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as owen.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:42, on 15/06/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\system32\VNICMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\owen\Local Settings\Temp\jkos-owen\binaries\ScanningProcess.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\owen\Desktop\dss.exe
C:\DOCUME~1\owen\Desktop\owen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179862530895
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINNT\SYSTEM32\VundoFixSVC.exe

--
End of file - 9189 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-14 20:28:58 0 d-------- C:\Program Files\Java
2008-06-14 20:28:54 0 d-------- C:\Program Files\Common Files\Java
2008-06-13 19:22:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3ec.dat
2008-06-12 18:43:11 0 d-------- C:\Program Files\wolf
2008-06-10 14:32:44 0 d-------- C:\Program Files\Panda Security
2008-06-10 14:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-10 14:01:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-10 14:01:27 0 d-------- C:\Documents and Settings\owen\Application Data\SUPERAntiSpyware.com
2008-06-10 14:01:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 13:46:40 920844 ---h----- C:\WINNT\ShellIconCache
2008-06-10 13:21:57 0 d-------- C:\Documents and Settings\owen\Application Data\Malwarebytes
2008-06-10 13:21:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 13:21:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 12:53:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_248.dat
2008-06-10 12:33:43 0 d-------- C:\HJT
2008-06-10 12:18:54 0 d-------- C:\Program Files\Trend Micro
2008-05-30 10:09:22 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_434.dat
2008-05-22 14:13:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_430.dat
2008-05-19 09:30:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_400.dat
2008-05-18 12:26:22 24576 --a------ C:\WINNT\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-05-18 11:54:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_46c.dat
2008-05-18 09:44:27 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_42c.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-14 21:05:09 40 --a------ C:\WINNT\system32\profile.dat
2008-06-14 20:28:54 0 d-a------ C:\Program Files\Common Files
2008-06-11 11:26:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-10 14:32:39 0 d-------- C:\Program Files\Steam
2008-06-10 13:21:38 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-12 20:27:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3f4.dat
2008-05-11 20:33:18 0 d-------- C:\Program Files\Notation
2008-05-11 20:31:08 0 d-------- C:\Documents and Settings\owen\Application Data\uTorrent
2008-05-10 15:39:06 0 d-------- C:\Program Files\VirtualDJ
2008-05-09 17:15:24 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 17:15:16 0 d-------- C:\Program Files\Common Files\Real
2008-05-07 16:48:18 0 d-------- C:\Program Files\Rockstar Games
2008-05-07 16:48:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 21:28:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2e8.dat
2008-05-04 18:24:49 0 d-------- C:\Documents and Settings\owen\Application Data\Google
2008-05-04 18:24:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3e4.dat
2008-04-29 23:49:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_57c.dat
2008-04-28 22:02:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_a50.dat
2008-04-24 18:41:06 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-04-24 18:41:04 0 d-------- C:\Program Files\Sony
2008-04-20 19:57:55 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-19 13:38:49 0 d-------- C:\Program Files\Firefox
2008-04-19 12:57:04 0 d---s---- C:\Program Files\Xfire
2008-04-15 16:19:19 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-04-15 16:19:07 0 d-------- C:\Program Files\DVDVideoSoft
2008-04-13 15:43:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_438.dat
2008-04-08 14:59:50 4212 --ah----- C:\WINNT\system32\zllictbl.dat
2008-03-30 23:40:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3cc.dat
2008-03-22 10:11:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_464.dat
2008-03-15 20:43:12 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_448.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19/06/03 20:05 C:\WINNT\system32\mobsync.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [28/10/03 21:10 ]
"LoadQM"="loadqm.exe" [03/05/00 17:23 C:\WINNT\loadqm.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09/07/01 11:50 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/07 09:41 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [27/04/07 11:25 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/03/06 17:14 ]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [15/06/06 01:40 ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [24/11/06 01:06 ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [27/01/03 17:16 ]
"NIC Monitor"="VNICMon.exe" [30/05/02 21:31 C:\WINNT\system32\VNICMon.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/08 04:28 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [07/12/99 13:00 C:\WINNT\system32\internat.exe]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [04/09/07 16:40 ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/06/07 11:37 ]
"Steam"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [14/06/08 12:37 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [25/05/2007 18:25:33]
Firefox Preloader.lnk - C:\Program Files\Firefox\FirefoxPreloader\FirefoxPreloader.exe [19/04/2008 13:38:49]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [15/03/2008 06:53:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [19/05/2007 22:56:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [14/06/08 12:37 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 14/06/08 12:37 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-06-15 13:27:05 ------------


  • 0

Advertisements

#11
Mike
Posted 15 June 2008 - 07:37 AM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Thanks for the logs, also thank you for the heads up regarding the Kaspersky Scan. Everyone updates things too often to keep up :)

You should aviod cracks, Kaspersky revealed that VirtualDj is infected.

Delete everything in this folder:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

You didn't let MBAM fix the item it found, please re-run it as I had instructed above.

Step 1. Running OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\fraser\Local Settings\Temp\Rar$EX03.355\Keygen.exe
C:\Documents and Settings\fraser\My Documents\Downloads\install_virtualdj_v5+Crack.zip
C:\WINNT\system32\efcYOfCv.dll.vir
EmptyTemp
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

And your logs look clean :)

Step 2. Running CleanUp!

Let's remove the tools I had you use.

Please open OTMoveIt2:
  • Double click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

The below steps have some important tips on how to stay safe and keep up-to-date, so be sure to read it!

Step 3. Flushing old Restore Points and creating a new one

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.

* Check the box beside "Turn off System Restore"
* Click "Apply"
* At the prompt, click "Yes"

Wait while your system deletes existing Restore Points, this may take a few moments.

* Uncheck the box beside "Turn off System Restore"
* Click "Apply"
* At the prompt, click "Yes"

Your system will now create a new Restore Point.

Step 4. Configuring Automatic Updates

Click the Automatic Updates tab. Choose the update option that best suits your needs, but be sure that Automatic Updates is not turned off. Windows XP will now notify you and download important updates and security patches as they become available.
Click "OK" to save your new settings and close the System Properties dialogue.

Step 5. Preventing future infection

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.spywarewa...uc/resource.htm

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

Also make sure to run your antivirus software regularly, and to keep it up-to-date.

There are many programs that can be used for your protection, most falling within the three main categories of anti-virus, anti-spyware and firewall. Please be careful to never run more than one program of the same category in resident mode, as conflicts between the different programs can actually decrease your protection.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :)

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0

#12
Ojrules
Posted 15 June 2008 - 11:35 AM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok I've followed all of those steps. Malware bytes didnt find anything this time =S

OT move it didnt produce a log or ask to reboot, I hope thats ok.

As far as I know I have no restore points or automatic updates with windows 2k?
I believe very rarely something may pop up about an update.

Im using firefox and... Spybot.

Is the combo of Spybot, the Malwarebytes anti malware and Superantispyware effective enough as a combo?

Or should I get the ones mentioned above?

Sorry about all the questions...

Dont want it happening again =P

Thanks for all yuor help. Been great.

Owen
  • 0

#13
Mike
Posted 15 June 2008 - 12:57 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
What you have is fine :)

Your right, there is no system restore on windows 2000 :)

Just remember to keep the programs up-to-date and have safe surfing habits (i.e not going to suspicious sites, not opening files that you don't know...)

Any more questions?

Edited by Mike, 15 June 2008 - 12:59 PM.

  • 0

#14
Ojrules
Posted 15 June 2008 - 02:53 PM

Ojrules

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
You've settled my worried mind perfectly =]

Thankyou very much for your help.

Keeping more protection.

Thanks.

Owen.
  • 0

#15
Mike
Posted 15 June 2008 - 03:04 PM

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
I'm glad I could help :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP