Vista Antivirus 2008, PC Health, temp\install-privacy-danger.bat


  • This topic is locked

#16
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



#17
Byggarebob

    Member

  • Topic Starter
  • 11 posts
Hmm the scan took me 13 hours 24 minutes but here it is! :)





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 14, 2008 10:01:38
Records in database: 951340
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 385685
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 13:24:33


File name / Threat name / Threats count
C:\Program\Alwil Software\Avast4\DATA\moved\vav.cpl.vir Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.s 1
D:\!!!!!!!!!!!!!!!!!!!!!!\Fraps 2.9.4 Build 7037\Fraps 2.9.4 Build 7037.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.qqd 1
D:\Azureus Downloads\Nero 8 Ultra Edition v8 2 8 0 + KeyGen (Latest)\Nero 8 Ultra Edition v8.2.8.0 + KeyGen\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
D:\Azureus Downloads\setup.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

The selected area was scanned.

Edited by Byggarebob, 14 July 2008 - 05:07 PM.


#18
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program\Alwil Software\Avast4\DATA\moved\vav.cpl.vir 
    D:\!!!!!!!!!!!!!!!!!!!!!!\Fraps 2.9.4 Build 7037\Fraps 2.9.4 Build 7037.rar 
    D:\Azureus Downloads\Nero 8 Ultra Edition v8 2 8 0 + KeyGen (Latest)
    D:\Azureus Downloads\setup.exe
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================
After that post the dss log and the Ot Move it log and let me know if things are back to normal?

#19
Byggarebob

    Member

  • Topic Starter
  • 11 posts
Ok here is the log from OTMoveIT




C:\Program\Alwil Software\Avast4\DATA\moved\vav.cpl.vir moved successfully.
D:\!!!!!!!!!!!!!!!!!!!!!!\Fraps 2.9.4 Build 7037\Fraps 2.9.4 Build 7037.rar moved successfully.
D:\Azureus Downloads\Nero 8 Ultra Edition v8 2 8 0 + KeyGen (Latest)\Nero 8 Ultra Edition v8.2.8.0 + KeyGen moved successfully.
D:\Azureus Downloads\Nero 8 Ultra Edition v8 2 8 0 + KeyGen (Latest) moved successfully.
D:\Azureus Downloads\setup.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_110239





And here is the dss main.txt log





Deckard's System Scanner v20071014.68
Run by Pizza on 2008-07-15 11:04:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Pizza.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:14, on 2008-07-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program\Alwil Software\Avast4\ashMaiSv.exe
C:\Program\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Pizza\Skrivbord\dss.exe
C:\Program\TRENDM~1\HIJACK~1\Pizza.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [KiweeHook] "C:\Program\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\Program\DELADE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com...llerControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9338 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-15 10:00:51 0 d-------- C:\WINDOWS\LastGood
2008-07-13 23:50:07 0 d-------- C:\Documents and Settings\Pizza\Application Data\gtk-2.0
2008-07-13 22:30:47 0 d-------- C:\Program\SprayR
2008-07-13 18:16:50 0 d-------- C:\Documents and Settings\Pizza\Application Data\Malwarebytes
2008-07-13 18:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-13 18:16:47 0 d-------- C:\Program\Malwarebytes' Anti-Malware
2008-07-13 15:15:40 0 d-------- C:\Program\Trend Micro
2008-07-13 11:55:47 0 d-------- C:\cmdcons
2008-07-13 01:45:36 0 d-------- C:\Documents and Settings\Pizza\Lokala instõllningar
2008-07-13 01:45:36 0 d-------- C:\Documents and Settings\NetworkService\Lokala instõllningar
2008-07-13 01:45:36 0 d-------- C:\Documents and Settings\LocalService\Lokala instõllningar
2008-07-13 01:45:36 0 d-------- C:\Documents and Settings\Familj\Lokala instõllningar
2008-07-13 01:18:20 0 d-------- C:\Documents and Settings\Pizza\Start Menu
2008-07-13 01:16:31 68096 --a------ C:\WINDOWS\zip.exe
2008-07-13 01:16:31 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-13 01:16:31 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-13 01:16:31 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-13 01:16:31 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-13 01:16:31 98816 --a------ C:\WINDOWS\sed.exe
2008-07-13 01:16:31 80412 --a------ C:\WINDOWS\grep.exe
2008-07-13 01:16:31 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-13 00:39:03 0 d-------- C:\WINDOWS\pss
2008-07-12 23:05:54 0 d-------- C:\Program\Lavasoft
2008-07-12 23:05:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-12 19:45:07 0 d-------- C:\WINDOWS\Prefetch
2008-07-12 12:40:46 0 d-------- C:\Program\Sigma Production Inc
2008-07-12 11:53:47 0 d-------- C:\Program\Aspyr
2008-07-07 20:48:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-07 12:54:16 0 d-------- C:\Documents and Settings\Pizza\Application Data\vlc
2008-07-07 12:50:38 0 d-------- C:\Program\VideoLAN
2008-07-06 22:22:32 0 d-------- C:\Documents and Settings\Pizza\Tracing
2008-07-06 01:57:15 0 d-------- C:\Program\Windows Live Safety Center
2008-07-06 00:29:34 0 d-------- C:\Program\GameSpy
2008-07-06 00:28:44 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-07-06 00:27:37 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-07-06 00:23:46 0 d-------- C:\Program\Electronic Arts
2008-07-05 18:15:14 0 d-------- C:\Program\Echovoice
2008-07-05 17:26:36 0 d-------- C:\Program\Winamp Toolbar
2008-07-05 17:26:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-07-05 17:26:14 0 d-------- C:\Program\Winamp
2008-07-05 17:26:14 0 d-------- C:\Documents and Settings\Pizza\Application Data\Winamp
2008-07-05 15:42:57 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-07-05 15:42:57 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-07-05 15:42:57 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-07-05 15:33:35 30592 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-05 15:33:34 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-05 15:33:34 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-07-05 15:31:19 0 d-------- C:\Program\Diablo II
2008-07-05 15:13:29 0 d-------- C:\Diablo 2
2008-06-30 14:17:09 0 d-------- C:\CSS Skins
2008-06-30 14:14:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-30 14:14:25 0 d-------- C:\Documents and Settings\Pizza\Application Data\Mozilla
2008-06-29 19:12:33 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-29 19:12:33 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-29 19:12:23 0 d-------- C:\Program\ImTOO
2008-06-29 19:11:17 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-29 19:11:17 0 d-------- C:\Documents and Settings\Pizza\Application Data\Vso
2008-06-29 19:11:17 47360 --a------ C:\Documents and Settings\Pizza\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-29 19:11:07 0 d-------- C:\Program\DVDFab Platinum 4
2008-06-27 20:42:38 0 d-------- C:\Program\GCFScape
2008-06-25 22:02:49 0 d-------- C:\Program\Game Extractor
2008-06-25 21:44:10 0 d-------- C:\dsbuff
2008-06-24 14:55:27 0 d-------- C:\Program\7-Zip
2008-06-22 13:40:54 0 d-------- C:\Program\MultiMedia Lab V
2008-06-22 13:40:24 307200 --a------ C:\WINDOWS\IsUn041d.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-21 17:43:53 0 d-------- C:\Documents and Settings\Pizza\Application Data\CoreFTP
2008-06-21 17:43:27 0 d-------- C:\Program\CoreFTP
2008-06-21 17:33:00 0 d-------- C:\Documents and Settings\Pizza\Application Data\SmartFTP
2008-06-21 15:00:49 0 d-------- C:\Program\Whisper Technology
2008-06-20 19:21:02 0 d-------- C:\Documents and Settings\Pizza\Application Data\Media Player Classic
2008-06-20 18:56:52 0 d-------- C:\Program\BreakPoint Software
2008-06-18 11:46:47 0 d-------- C:\Program\WinAVI MP4 Converter


-- Find3M Report ---------------------------------------------------------------

2008-07-15 11:01:31 0 d-------- C:\Documents and Settings\Pizza\Application Data\Skype
2008-07-15 10:01:45 0 d-------- C:\Documents and Settings\Pizza\Application Data\skypePM
2008-07-13 23:37:42 0 d-------- C:\Documents and Settings\Pizza\Application Data\Adobe
2008-07-12 23:05:20 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-07-12 19:52:42 441280 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-07-12 19:52:42 82930 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-07-12 19:39:40 23468 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-12 12:49:47 0 d-------- C:\Documents and Settings\Pizza\Application Data\uTorrent
2008-07-12 00:26:10 0 d-------- C:\Documents and Settings\Pizza\Application Data\LimeWire
2008-07-06 22:20:38 0 d-------- C:\Program\Windows Live
2008-07-02 12:20:21 0 d-------- C:\Documents and Settings\Pizza\Application Data\Publish Providers
2008-06-29 19:11:21 34 --a------ C:\Documents and Settings\Pizza\Application Data\pcouffin.log
2008-06-29 19:11:17 1144 --a------ C:\Documents and Settings\Pizza\Application Data\pcouffin.inf
2008-06-29 19:11:17 7887 --a------ C:\Documents and Settings\Pizza\Application Data\pcouffin.cat
2008-06-24 20:02:38 0 d-------- C:\Program\Realtek
2008-06-13 19:23:33 0 d-------- C:\Program\GoldWave
2008-06-12 15:59:03 0 d--h----- C:\Program\InstallShield Installation Information
2008-06-12 15:55:19 0 d-------- C:\Program\Activision
2008-06-11 20:43:25 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-11 20:41:53 0 d-------- C:\Program\Skype
2008-06-11 20:41:50 0 d-------- C:\Program\Delade filer
2008-06-11 20:41:50 0 d-------- C:\Program\Delade filer\Skype
2008-06-11 18:17:44 0 d-------- C:\Program\NINTENDO DS GAME BROWSER
2008-06-11 18:16:33 286720 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-11 18:16:32 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-08 21:58:01 0 d-------- C:\Program\VentSrv
2008-06-08 21:45:25 0 d-------- C:\Program\Ventrilo Mix
2008-06-04 18:21:11 0 d-------- C:\Program\Guitar Pro 5
2008-05-31 11:35:32 0 d-------- C:\Program\Delade filer\Adobe
2008-05-31 11:34:07 0 d-------- C:\Program\Delade filer\Control Panels
2008-05-31 11:24:36 0 d-------- C:\Program\QuickTime
2008-05-31 11:15:39 0 d-------- C:\Program\Bonjour
2008-05-31 11:12:29 0 d-------- C:\Program\Delade filer\Macrovision Shared
2008-05-29 15:05:36 0 d-------- C:\Program\MSXML 6.0
2008-05-28 15:57:02 0 d-------- C:\Documents and Settings\Pizza\Application Data\Sony
2008-05-28 15:45:20 0 d-------- C:\Program\Sony
2008-05-28 15:40:11 0 d-------- C:\Program\MSBuild
2008-05-28 15:38:07 0 d-------- C:\Program\Reference Assemblies
2008-05-28 15:33:27 0 d-------- C:\Documents and Settings\Pizza\Application Data\Sony Setup
2008-05-28 15:33:19 0 d-------- C:\Program\Sony Setup
2008-05-27 21:17:53 0 d-------- C:\Program\Windows Media Connect 2
2008-05-27 17:10:27 0 d-------- C:\Program\K-Lite Codec Pack
2008-05-27 17:08:16 306629 --a------ C:\WINDOWS\SesamTV Media Center Uninstaller.exe
2008-05-27 16:48:33 0 d-------- C:\Program\Dusco
2008-05-26 17:51:27 0 d-------- C:\Documents and Settings\Pizza\Application Data\AccurateRip
2008-05-26 17:51:26 12890 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-26 17:51:24 0 d-------- C:\Program\Illustrate
2008-05-24 22:05:06 0 d-------- C:\Documents and Settings\Pizza\Application Data\Sun
2008-05-24 22:04:44 0 d-------- C:\Program\Java
2008-05-23 20:31:47 0 d-------- C:\Program\LimeWire
2008-05-23 20:31:08 0 d-------- C:\Program\Delade filer\Java
2008-05-22 12:31:50 0 dr-h----- C:\Documents and Settings\Pizza\Application Data\SecuROM
2008-05-21 16:09:16 0 d-------- C:\Program\DAEMON Tools Lite
2008-05-21 15:39:47 0 d-------- C:\Documents and Settings\Pizza\Application Data\Leadertech
2008-05-21 15:39:46 0 d-------- C:\Program\Delade filer\Logishrd
2008-05-21 15:39:09 0 d-------- C:\Program\Logitech
2008-05-20 23:07:40 0 d-------- C:\Program\DAP
2008-05-20 23:06:25 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-05-20 22:39:23 0 d-------- C:\Program\uTorrent
2008-05-20 22:13:49 0 d-------- C:\Program\Microsoft Works
2008-05-20 22:06:15 0 d-------- C:\Documents and Settings\Pizza\Application Data\DAEMON Tools
2008-05-20 20:34:11 0 d-------- C:\Program\Kiwee Toolbar2
2008-05-20 20:21:08 0 d-------- C:\Documents and Settings\Pizza\Application Data\ImgBurn
2008-05-20 20:14:06 0 d-------- C:\Program\ImgBurn
2008-05-20 16:40:40 0 d-------- C:\Documents and Settings\Pizza\Application Data\Ventrilo
2008-05-18 21:33:08 0 d-------- C:\Program\Buggy
2008-05-18 21:25:56 0 d-------- C:\Program\Messenger
2008-05-18 20:55:10 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2008-05-18 16:35:13 0 d-------- C:\Documents and Settings\Pizza\Application Data\WinRAR
2008-05-18 16:20:31 0 d-------- C:\Program\Delade filer\ODBC
2008-05-18 16:20:29 0 d-------- C:\Program\Delade filer\SpeechEngines
2008-05-18 16:20:12 62 --ahs---- C:\Documents and Settings\Pizza\Application Data\desktop.ini
2008-05-18 14:57:39 0 d-------- C:\Program\Alwil Software
2008-05-18 14:49:01 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-18 14:46:18 0 d-------- C:\Program\Delade filer\InstallShield
2008-05-18 14:44:01 0 d-------- C:\Documents and Settings\Pizza\Application Data\Macromedia
2008-05-18 14:42:55 0 d-------- C:\Program\Intel
2008-05-18 14:41:42 0 d-------- C:\Program\Dell
2008-05-18 14:39:56 0 d-------- C:\Documents and Settings\Pizza\Application Data\Identities
2008-05-18 14:35:49 0 d-------- C:\Program\microsoft frontpage
2008-05-18 14:35:40 0 -rahs---- C:\MSDOS.SYS
2008-05-18 14:35:40 0 -rahs---- C:\IO.SYS
2008-05-18 14:35:40 0 --a------ C:\CONFIG.SYS
2008-05-18 14:35:40 0 --a------ C:\AUTOEXEC.BAT
2008-05-18 14:34:57 0 d--h----- C:\Program\WindowsUpdate
2008-05-18 14:34:54 0 d-------- C:\Program\Onlinetjänster
2008-05-18 14:34:21 0 d-------- C:\Program\Delade filer\MSSoap
2008-05-18 14:34:15 0 d-------- C:\Program\Movie Maker
2008-05-18 14:33:23 0 d-------- C:\Program\MSN Gaming Zone
2008-05-18 14:33:17 0 d-------- C:\Program\Windows NT
2008-05-03 05:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 10:52 265360 --a------ C:\Program\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll [2008-04-03 10:52 265360]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[-HKEY_CLASSES_ROOT\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]
"nwiz"="nwiz.exe" [2008-05-03 05:46 C:\WINDOWS\system32\nwiz.exe]
"Launch LCDMon"="C:\Program\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43]
"Launch LGDCore"="C:\Program\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57]
"KiweeHook"="C:\Program\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 10:51]
"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 17:39 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"Acrobat Assistant 8.0"="C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54]
"Adobe_ID0EYTHM"="C:\Program\DELADE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"WinampAgent"="C:\Program\Winamp\winampa.exe" [2008-03-27 08:35]
"Echovoice Gamer Statistics"="C:\Program\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 23:52]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16:32 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-16 17:16]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]
"DAEMON Tools Lite"="C:\Program\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]
"Skype"="C:\Program\Skype\Phone\Skype.exe" [2008-05-30 15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program\GameSpy\Comrade\Comrade.exe




-- End of Deckard's System Scanner: finished at 2008-07-15 11:04:40 ------------




Can I delete the files that I moved with OTmoveIT? I mean in the C:\_OTMoveIT\Moved files etc., can I delete the files in there?

#20
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Doing the below will get rid of them.
============================
Cleanup:
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
=====================================
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them; they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.
  • 0

#21
Byggarebob

    Member

  • Topic Starter
  • 11 posts
Thanks so much, I think I got all viruses deleted now :)


You were very helpful. I would have donated if I had PayPal :)
  • 0

#22
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






