Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Apr 21 2008, 07:18 PM
New Member
Group: Members
Posts: 13
Joined: 16-June 07
Member No.: 136,948
I was away for some time and my mum and brother were using my computer... anyway, my browser doesn't want to read web pages normally - it takes a long time to load one page and then Mozilla (or Explorer) just shows some kind of 'free' protection for the computer, e.g. 'Advanced Cleaner'. The other thing it does is just come out with a message - something like 'Windows will turn off Explorer because it's not safe for your computer' - and it stops working - I have a blank screen in front of me.

Scanning with NOD showed it has got:
Win32/HandyKeylogger.A application
JS/TrojanDownloader.Agent.NBQ
TrojanDownloader.VB.AW
in C:csrss.exe has got Win32/TrojanDownloader.Small.IAW
in removalfile.bat has got Win32/Adware.Virtumonde application.

I tried to scan it with Kaspersky Online Scanner but it didn't want to do that, it just froze.

Here are the reports generated by DSS:

Deckard's System Scanner v20071014.68
Run by Jasna on 2008-04-22 01:49:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-04-21 23:49:34 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Jasna.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:16, on 22.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jasna\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jasna.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.net.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67D4779F-4CEE-406F-8F17-D7DCDC8C9060} - C:\WINDOWS\system32\efcBUmli.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\pmnmjHXN.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [485b1d6a] rundll32.exe "C:\WINDOWS\system32\ogbeufck.dll",b
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [BM4b682ef6] Rundll32.exe "C:\WINDOWS\system32\fuqowqdx.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/clients/y/ct5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203796788234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203796777421
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC6F7AF4-219F-42CB-9377-5CE43627834E}: NameServer = 195.29.149.196 195.29.149.197
O20 - Winlogon Notify: pmnmjHXN - C:\WINDOWS\SYSTEM32\pmnmjHXN.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9442 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070929-010241-774 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20070929-010351-593 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_00E8&SUBSYS_50041458&REV_A2\3&13C0B0C5&0&12
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_00E8&SUBSYS_50041458&REV_A2\3&13C0B0C5&0&12
Service:

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-21 22:24:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 22:24:53 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 21:48:14 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-21 17:41:50 87616 --a------ C:\WINDOWS\system32\ogbeufck.dll
2008-04-21 17:38:50 97344 --a------ C:\WINDOWS\system32\fuqowqdx.dll
2008-04-21 17:20:00 0 d--hs---- C:\Documents and Settings\Sonja\Recent
2008-04-20 18:11:16 202268 --ahs---- C:\WINDOWS\system32\ilmUBcfe.ini2
2008-04-20 18:02:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-04-20 18:02:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-20 17:36:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-04-19 16:42:03 0 d--hs---- C:\Documents and Settings\Administrator\Recent
2008-04-19 16:39:21 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-19 16:39:21 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-19 16:39:21 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-19 16:39:21 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-19 16:39:21 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-19 16:39:21 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-19 16:39:21 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-19 16:39:21 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-19 16:39:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-19 16:39:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-19 16:39:21 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-19 16:39:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-19 16:39:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-19 16:10:33 0 d-------- C:\xxxxx
2008-04-19 16:03:10 0 d-------- C:\totalcmd
2008-04-19 15:58:30 0 d--hs---- C:\Documents and Settings\Jasna\Recent
2008-04-18 18:21:27 274432 --a------ C:\WINDOWS\system32\efcBUmli.dll
2008-04-18 18:16:25 37888 --a------ C:\WINDOWS\system32\pmnmjHXN.dll
2008-03-31 20:12:59 0 d-------- C:\Program Files\Vopt8

-- Find3M Report ---------------------------------------------------------------

2008-04-22 01:34:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-19 15:59:54 0 d-------- C:\Program Files\Google
2008-03-29 12:58:33 0 d-------- C:\Documents and Settings\Jasna\Application Data\Skype
2008-03-09 14:40:16 0 d-------- C:\Program Files\YouTube Downloader
2008-03-02 17:10:39 0 d-------- C:\Program Files\CCleaner
2008-03-02 14:19:04 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-02 14:17:03 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-02 14:00:12 0 d-------- C:\Program Files\MSBuild
2008-03-02 13:53:50 0 d-------- C:\Program Files\Reference Assemblies
2008-03-02 13:52:31 0 d-------- C:\Program Files\MSXML 4.0
2008-03-02 13:52:11 0 d-------- C:\Program Files\MSXML 6.0
2008-03-02 13:48:04 0 d-------- C:\Program Files\CONEXANT
2008-03-02 13:06:40 592 --a------ C:\WINDOWS\chgkey.vbs
2008-03-02 13:04:54 0 d-------- C:\Documents and Settings\Jasna\Application Data\U3
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67D4779F-4CEE-406F-8F17-D7DCDC8C9060}]
18.04.2008 18:21 274432 --a------ C:\WINDOWS\system32\efcBUmli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]
18.04.2008 18:16 37888 --a------ C:\WINDOWS\system32\pmnmjHXN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [24.11.2004 22:10]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [25.11.2004 01:27]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 12:50]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 17:17]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14.01.2004 03:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09.03.2007 10:10]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [17.10.2007 18:58]
"485b1d6a"="C:\WINDOWS\system32\ogbeufck.dll" [21.04.2008 17:41]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [10.06.2004 14:48]
"BM4b682ef6"="C:\WINDOWS\system32\fuqowqdx.dll" [21.04.2008 17:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [24.11.2006 18:16]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [24.11.2005 1:04:13]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9.2.2005 23:00:53]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [25.11.2004 1:27:20]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [23.3.2004 13:23:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 2:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\pmnmjHXN.dll [18.04.2008 18:16 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjHXN]
pmnmjHXN.dll 18.04.2008 18:16 37888 C:\WINDOWS\system32\pmnmjHXN.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcBUmli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\485b1d6a]
rundll32.exe "C:\WINDOWS\system32\ogbeufck.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM4b682ef6]
Rundll32.exe "C:\WINDOWS\system32\fuqowqdx.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TlntSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{395e88f8-a1d5-11dc-902b-000fea7d67cc}]
AutoRun\command- F:\LaunchU3.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 hityou.com
127.0.0.1 www.hityou.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180solutions.com
127.0.0.1 www.180solutions.com
127.0.0.1 bis.180solutions.com
127.0.0.1 config.180solutions.com
127.0.0.1 cts.180solutions.com
127.0.0.1 downloads.180solutions.com

6621 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-04-22 01:52:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon 64 Processor 2800+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1535.48 MiB / 1030.15 MiB
Pagefile Memory (total/avail): 2410.01 MiB / 2048.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.77 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 16.37 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 232.83 GiB total, 220.79 GiB free.

\\.\PHYSICALDRIVE0 - ST380817AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - Memorex Ultra TD v2 USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Unknown - 232.88 GiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Games\\Black And White\\runblack.exe"="C:\\Games\\Black And White\\runblack.exe:*:Disabled:lh"
"C:\\Program Files\\Resolume-2-2\\resolume.exe"="C:\\Program Files\\Resolume-2-2\\resolume.exe:*:Enabled:Resolume 2.2"
"C:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe"="C:\\Program Files\\Electric Rain\\Swift 3D\\Version 4.00\\Program\\Swift3D.exe:*:Disabled:Swift 3D"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\EA Games\\The Battle for Middle-earth \\game.dat"="C:\\Program Files\\EA Games\\The Battle for Middle-earth \\game.dat:*:Enabled:The Battle for Middle-earth "
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"="C:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe:*:Enabled:Medieval_TW"
"C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jasna\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMD2800
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jasna
LOGONSERVER=\\AMD2800
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution\;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\;C:\PROGRAM FILES\COMMON FILES\AUTODESK SHARED\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0408
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jasna\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jasna\LOCALS~1\Temp
USERDOMAIN=AMD2800
USERNAME=Jasna
USERPROFILE=C:\Documents and Settings\Jasna
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

Sonja (admin)
Izidor (admin)
Jasna (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
 --> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro --> MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
Adobe Acrobat 5.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu"
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=0409
Adobe ExtendScript Toolkit 1.0 --> MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe MPEG Encoder --> MsiExec.exe /I{9811A185-3D3D-11D6-9E14-00036D172B00}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Premiere 6.5 --> C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 6.5\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 6.5\Uninst.dll"
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced RealMedia Export Plug-in for Premiere 6.0 --> C:\Program Files\Adobe\Premiere 6.5\Plug-ins\RNCompiler\rnuninst.exe RealNetworks|RNCompiler|6.0
AFPL Ghostscript 7.04 --> C:\program files\ghostscript\uninstgs.exe "C:\program files\ghostscript\gs7.04\uninstal.txt"
AFPL Ghostscript Fonts --> C:\program files\ghostscript\uninstgs.exe "C:\program files\ghostscript\fonts\uninstal.txt"
AirXonix version 1.30 --> "C:\Program Files\AirXonix\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Canon iP3300 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300 /L0x0009
Canon iP3300 User Registration --> C:\Program Files\Canon\IJEREG\iP3300\UNINST.EXE
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Setup Utility 2.3 --> "C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Context Free --> "C:\Program Files\OzoneSoft\ContextFree\uninst-contextfree.exe"
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
Corel Graphics Suite 11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Eye Candy 4000 --> C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EyeCandy\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EyeCandy\EYECAN~1\INSTALL.LOG
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GSview 4.3 --> C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KPT 6 --> C:\WINDOWS\IsUninst.exe -f"c:\program files\adobe\photoshop 7.0\plug-ins\kpt\KPT6\KPT6Unin.isu"
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MilkDrop for Winamp 2x (remove only) --> "C:\Program Files\Winamp\uninst-vis_milk.dll.exe"
Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program Files\NimoCodec Pack\uninstall.exe"
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PCI SoftV92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSetup.exe -U -IPSCRCTR5K.inf
Poser 4 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MetaCreations\Poser 4\unPoser4.isu"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Resolume 2.2 --> "C:\Program Files\Resolume-2-2\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe
/I{8A62A068-3FD6-495A-9F66-26FE94F32EC9} Segmation 1.0 Evaluation --> C:\WINDOWS\IsUninst.exe -f"c:\program files\adobe\photoshop 7.0\plug-ins\segmation\Uninst.isu" Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe" Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794} Stronghold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe" -l0x9 Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04} SWiSHmax --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSHmax\uninstal.log The Matrix Reloaded 3D Screensaver v2.5 - Donor Version --> "C:\Program Files\UselessCreations\Matrix3D\uninst.exe" TRUST 240H EASY WEBSCAN GOLD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5118744-F85A-4157-9D6E-01DC1410D16A}\setup.exe" Undo Delete --> "C:\Program Files\Undo Delete\unins000.exe" Unreal Tournament --> C:\UnrealTournament\System\Setup.exe uninstall "UnrealTournament" VideoCAM Eye --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B54CED1-1911-4ECF-AA35-D2E14A716A36}\Setup.exe" -l0x9 VideoCAM Eye --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B08C6A5-2B90-4E93-980D-7EEB39099D4D}\setup.exe" -l0x9 Vopt 8.18 --> C:\PROGRA~1\Vopt8\UNWISE.EXE C:\PROGRA~1\Vopt8\INSTALL.LOG Where Is It? 
3.10 --> C:\PROGRA~1\WHEREI~1\UNWISE.EXE C:\PROGRA~1\WHEREI~1\INSTALL.LOG Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} WinRAR arhiver --> C:\Program Files\WinRAR\uninstall.exe Xenofex 1.0 --> C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\Xenofex\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\Xenofex\INSTALL.LOG XML Paper Specification Shared Components Pack 1.0 --> Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type2718 / Error Event Submitted/Written: 04/22/2008 01:37:37 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x02c104f1. Processing media-specific event for [explorer.exe!ws!] Event Record #/Type2711 / Error Event Submitted/Written: 04/21/2008 08:07:52 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application Procmon.exe, version 1.11.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Event Record #/Type2710 / Error
Event Submitted/Written: 04/21/2008 08:05:58 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application firefox.exe, version 1.0.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2709 / Error
Event Submitted/Written: 04/21/2008 07:59:07 PM
Event ID/Source: 1002 / Application Hang
Event Description: Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2697 / Error
Event Submitted/Written: 04/20/2008 06:18:11 PM
Event ID/Source: 1015 / Winlogon
Event Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 1. The machine must now be restarted.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type143505 / Error
Event Submitted/Written: 04/22/2008 01:06:19 AM
Event ID/Source: 31008 / ipnathlp
Event Description: The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.

Event Record #/Type143497 / Error
Event Submitted/Written: 04/22/2008 01:01:31 AM
Event ID/Source: 12294 / ati2mtag
Event Description: CRT invalid display type

Event Record #/Type143477 / Error
Event Submitted/Written: 04/22/2008 01:00:07 AM / 04/22/2008 01:00:38 AM
Event ID/Source: 12294 / ati2mtag
Event Description: CRT invalid display type

Event Record #/Type143472 / Warning
Event Submitted/Written: 04/22/2008 01:00:22 AM
Event ID/Source: 101 / W3SVC
Event Description: The server was unable to add the virtual root '' for the directory 'c:\inetpub\wwwroot' due to the following error: The system cannot find the file specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Event Record #/Type143471 / Warning
Event Submitted/Written: 04/22/2008 01:00:22 AM
Event ID/Source: 101 / MSFTPSVC
Event Description: The server was unable to add the virtual root '' for the directory 'c:\inetpub\ftproot' due to the following error: The system cannot find the file specified. The data is the error code.
For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

-- End of Deckard's System Scanner: finished at 2008-04-22 01:52:40 ------------

I hope you'll manage to help me. Thank you
Apr 23 2008, 01:03 PM, Post #2
New Member, Group: Members, Posts: 13, Joined: 16-June 07, Member No.: 136,948
Problem solved!
I'm installing new Windows, so I don't need your help any more. Thank you very much for helping people. Sonja
Apr 23 2008, 01:08 PM, Post #3
Forum Addict, Group: HJT Team, Posts: 3,294, Joined: 12-December 05, From: Belgium, Member No.: 44,294
Hello Sonjicko and welcome to BleepingComputer,
1. * Clean your Cache and Cookies in IE:
Double-click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have ComboFix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder

--------------------
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
- If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Apr 23 2008, 05:21 PM, Post #4
New Member, Group: Members, Posts: 13, Joined: 16-June 07, Member No.: 136,948
Once again, thank you for your effort.
Bye
Apr 24 2008, 07:52 AM, Post #5
Forum Addict, Group: HJT Team, Posts: 3,294, Joined: 12-December 05, From: Belgium, Member No.: 44,294
Hello Sonja,
Our posts must have crossed each other.

Please read this Prevention page with lots of info and tips on how to prevent this in the future. And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved, this topic is closed. If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.