Pc Infected With Trojan.vundo And Blue Screen

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Pc Infected With Trojan.vundo And Blue Screen, Trojan.vundo seems to be cleaned out by Malwarebytes' Anti-Malware

Options

slumbermann View Member Profile	Aug 17 2008, 06:45 PM Post #1
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	Hi there, Its been 2 days already since i tried to clean up my computer, but seems its going to dead end again. And with my work dateline coming in a few days, so i decided to post my problem here. My PC got infected by Trojan.Vundo when i try to install Viewpoint Media Player which was prompt on one free 3D model website. So i use Malwarebytes' Anti-Malware to clean up the trojan, after clean up n reboot, then i scan again n will found another 2 registry infected n clean it again. Then after that i rescanned and end up found nothing anymore. Later i use RegCure to clean my Registry, from 1400+ errors, i down to only 80+ errors which cause by the empty key registry which shouldn't be harmfull. Then i scan with ad-aware to see if there anything else found, only tracking cookies found. then i quarantine that too. But then, i couldn't use google.com properly and trying www.avg.com will give me my localhost page, and website like bleepingcomputer.com will give me 404 error page not found ( i'm writing this from other pc). And now i keep getting blue screen after some times.... below are my Hijackthis.log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:07:16, on 18.08.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\igfxsrvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\PACIFI~1.EXE O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T2...bex/ieatgpc.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe O23 - Service: Viewpoint Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 16261 bytes thanks a bunch to anyone who gonna help me with this... and sorry for my bad english.

slumbermann View Member Profile	Aug 18 2008, 07:14 AM Post #2
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	After reading through this forum, i tried to use the ComboFix together with Vista Repair DVD. Seems the google thing and bleepingcomputer now viewable thru my computer and even the website such as avg.com no more redirected to my localhost address. I'm running Sunbelt Personal Firewall for the time being for additional protection eventho i'm not sure if this firewall is really reliable. So thanks to this forum members, you guys sure are busy helping others. Appreciate it so much. THANKS AGAIN!!! Below are my latest Hijackthis.log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:09:22, on 2008-08-18 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\LowRateVoip\LowRateVoip.exe C:\Program Files\Nonoh.net\Nonoh\nonoh.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Thunderbird-Tray\TBTray.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Users\saleiz\AppData\Roaming\Maxthon\Maxthon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\PACIFI~1.EXE O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T2...bex/ieatgpc.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe -- End of file - 17243 bytes

slumbermann View Member Profile	Aug 19 2008, 03:20 PM Post #3
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	My bad luck i guess, the pc actually not clean throughly. After scanning using Karsperky Online Scanner. I end up having 7 threat Names and 9 object infected. This giving me headache now, with my work pending... its really frustrating. Can someone point me how can i clean this infection without being infected again? Below are the Karsperky Scanning Report: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, August 19, 2008 Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, August 19, 2008 11:13:49 Records in database: 1110150 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 287052 Threat name: 7 Infected objects: 9 Suspicious objects: 0 Duration of the scan: 04:39:28 File name / Threat name / Threats count C:\$WINDOWS.~Q\DATA\Users\Gast\AppData\Local\Temp\$6DD71C3C.t$m Infected: not-a-virus:PSWTool.Win32.ProductKey.b 1 C:\QooBox\Quarantine\C\Windows\System32\bovqiipl.dll.vir Infected: Trojan.Win32.Monder.fxc 1 C:\QooBox\Quarantine\C\Windows\System32\tdssadw.dll.vir Infected: Trojan.Win32.Crypt.ia 1 C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\514ba913-20fac47e Infected: Trojan-Downloader.Java.OpenConnection.ao 2 C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\514ba913-20fac47e Infected: Trojan.Java.ClassLoader.au 1 C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\74018dd6-752e134b Infected: Trojan-Downloader.Java.OpenStream.ac 1 C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\635543bc-77ad5a67 Infected: Trojan.Java.ClassLoader.ap 2 The selected area was scanned. thank you.

harrythook View Member Profile	Sep 1 2008, 10:23 AM Post #4
Study Hall Admin Group: Study Hall Admin Posts: 4,129 Joined: 16-May 07 From: Philadelphia Member No.: 131,269	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. Thanks and again sorry for the delay. Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. If you have not downloaded HiJackThis yet: Click here to download HJTInstall.exe Save HJTInstall.exe to your desktop. Doubleclick on the HJTInstall.exe icon on your desktop. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. In your reply: Fresh HJT log Kaspersky Online Scanner log Thanks Harry -------------------- Veni Vidi Vici THE FIGHT AGAINST MALWARE Become a BleepingComputer fan: *Facebook*

slumbermann View Member Profile	Sep 1 2008, 08:53 PM Post #5
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	Thank you very much for replying Harrythook, Currently, problem that i still have is, i cannot change my wallpaper when i select the image from my computer. I can only change my wallpaper from browser, when the image are on my internet browser. Other than that, the icon on my windows explorer seems not showing any preview, i need to sort each time, only then the image/preview will be shown. I hope you can help me on that. Another thing, i cant add new widget on my windows sidebar ever since. I'm using vista ultimate btw. Here are the scan log you asked for, sorry for replying late, cause the scanning took around 9 hours to finish. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, September 2, 2008 Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, September 01, 2008 15:37:42 Records in database: 1173783 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - Folder: C:\ Scan statistics: Files scanned: 362812 Threat name: 0 Infected objects: 0 Suspicious objects: 0 Duration of the scan: 09:25:54 No malware has been detected. The scan area is clean. The selected area was scanned. and below are HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:50:26, on 2008-09-02 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\LowRateVoip\LowRateVoip.exe C:\Program Files\Nonoh.net\Nonoh\nonoh.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Thunderbird-Tray\TBTray.exe C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\igfxext.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe D:\e-Document\MiRC\mIRC 6.3 + keygen\mIRC - English.exe C:\Program Files\TeamViewer3\TeamViewer.exe C:\Program Files\Athan\Athan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\TextPad 4\TextPad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\PACIFI~1.EXE O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe -- End of file - 17299 bytes ###### Thanks again. This post has been edited by slumbermann*: Sep 1 2008, 08:55 PM

Yourhighness View Member Profile	Sep 2 2008, 05:00 AM Post #6
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,644 Joined: 20-April 06 From: Hamburg Member No.: 64,788	Hello slumbermann and welcome to BleepingComputer! Apollogies for the delay. The forum has been very busy lately. I will take over from here. To be able to assist you properly, I would like to ask you to please download OTViewIt to your desktop. Close all windows and double click OTViewIt Place a tick in the Scan all Users box In the File Age drop down box select 90 days Click Run Scan and let the program run uninterrupted On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post. Thanks, Johannes -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE -

Yourhighness View Member Profile	Sep 3 2008, 02:30 PM Post #8
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,644 Joined: 20-April 06 From: Hamburg Member No.: 64,788	hi slumbermann, CODE D:\e-Document\MiRC\mIRC 6.3 + keygen\mIRC - English.exe QUOTE(Quietman7) Your logs show that you are using crack tools so that's probably how you became infected. The practice of using crack or keygen tools is not only considered illegal activity but it is a serious security risk. If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS. source: http://www.bleepingcomputer.com/forums/index.php?s=&showtopic=165243&view=findpost&p=925724 Your logs show that you have (a) online poker programme(s) installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps: Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs, search for the poker game and remove it. If you are unsure of anything, please dont hesitate to ask. QUOTE [07-05-2008 11:36 AM \| ---D \| C] - C:\Program Files\Enigma Software Group Enigma software group is a known trouble maker and I strongly suggest removing any of their software. The following is referring to Registry First Aid and CCleaner. Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts: Registry tools can cause irreparable damage to your Operating System Registry tools can, as a result of the above, render your pc to be inoperable. This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side. If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side. Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology." It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office." Please post the ComboFix log and the Malwarebytes' Antimalware log. Thanks! -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE -

slumbermann View Member Profile	Sep 3 2008, 03:06 PM Post #9
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	Hi Yourhighness, Thank you for your reply, i've uninstalled Online Poker as i dont really use it. Regarding CCleaner, i find it really usefull for cleaning up my temporary data and some unuse things. But if you say it not good for the pc overall performance, could you please advice me what how can i keep my data clean, not filled up with unneccessary things, because its sometimes goes up to 2Gb of waste junk. Regarding uTorrent, i'm well aware about the copyright things, i normally use it to distribute my own small movie or clip to friends and others who would like to download it. So i pretty much control what type of files are on my uTorrent. Btw, my pc was infected because of ViewPoint Media Player. I need that player to view 3D model in various sites. But seems after that i get infected. Now i'm not sure what kind of player i can use. All help really appreciated. Below are my Malwarebytes' Antimalware and ComboFix log. The ComboFix log was the log from last time when i try to run it to clean my pc. n the Malwarebytes' Antimalware log is the latest one. Malwarebytes' Anti-Malware 1.25 Database version: 1090 Windows 6.0.6001 Service Pack 1 22:05:34 2008-09-03 mbam-log-09-03-2008 (22-05-34).txt Scan type: Quick Scan Objects scanned: 56198 Time elapsed: 6 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ComboFix 08-08-17.03 - saleiz 2008-08-18 4:06:09.1 - NTFSx86 ausgeführt von:: D:\ComboFix.exe * Resident AV is active . (((((((((((((((((((((((((((((((((((( Weitere L”schungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\actskn43.ocx C:\Windows\system32\bovqiipl.dll C:\Windows\system32\cldfqykx.dll C:\Windows\system32\Memman.vxd C:\Windows\system32\skinboxer43.dll C:\Windows\system32\tdssadw.dll C:\Windows\system32\tdssinit.dll C:\Windows\system32\tdssl.dll C:\Windows\system32\tdsslog.dll C:\Windows\system32\tdssmain.dll C:\Windows\system32\tdssservers.dat C:\Windows\system32\x64 . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV ((((((((((((((((((((((( Dateien erstellt von 2008-07-18 bis 2008-08-18 )))))))))))))))))))))))))))))) . 2008-08-18 03:56 . 2008-08-18 04:02 <DIR> d-------- C:\327882R2FWJFW 2008-08-18 03:36 . 2004-10-15 18:17 60,496 --a------ C:\Windows\System32\drivers\Teefer.sys 2008-08-18 03:36 . 2004-10-15 18:18 21,075 --a------ C:\Windows\System32\drivers\wpsdrvnt.sys 2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg6n.sys 2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg5n.sys 2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg4n.sys 2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg3n.sys 2008-08-18 03:35 . 2008-08-18 03:35 <DIR> d-------- C:\Program Files\Sygate 2008-08-18 03:35 . 2004-10-15 18:32 83,096 --a------ C:\Windows\System32\SSSensor.dll 2008-08-18 01:07 . 2008-08-18 01:07 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-18 00:05 . 2008-08-18 00:05 <DIR> d-------- C:\$WINDOWS.~BT 2008-08-17 23:05 . 2008-08-17 23:16 2,078 --a------ C:\Windows\System32\tmp.reg 2008-08-17 23:04 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe 2008-08-17 23:04 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe 2008-08-17 23:04 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe 2008-08-17 23:04 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe 2008-08-17 23:04 . 2008-08-14 21:52 82,432 --a------ C:\Windows\System32\IEDFix.C.exe 2008-08-17 23:04 . 2008-08-09 15:37 82,432 --a------ C:\Windows\System32\404Fix.exe 2008-08-17 23:04 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe 2008-08-17 23:04 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe 2008-08-17 23:04 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe 2008-08-17 22:39 . 2008-08-18 04:17 328,018,280 --a------ C:\Windows\MEMORY.DMP 2008-08-17 18:59 . 2008-08-17 19:00 <DIR> d-------- C:\Users\All Users\Lavasoft 2008-08-17 18:59 . 2008-08-17 19:00 <DIR> d-------- C:\ProgramData\Lavasoft 2008-08-17 18:00 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-08-17 17:36 . 2008-08-17 17:36 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys 2008-08-17 16:18 . 2008-08-17 16:35 <DIR> d-------- C:\Program Files\RegCure 2008-08-16 13:40 . 2008-08-16 13:40 <DIR> d-------- C:\Users\All Users\Viewpoint 2008-08-16 13:40 . 2008-08-16 13:40 <DIR> d-------- C:\ProgramData\Viewpoint 2008-08-16 13:28 . 2008-08-16 13:28 <DIR> d-------- C:\eDrawings 2008-08-15 00:51 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll 2008-08-14 23:43 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-08-14 23:43 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll 2008-08-14 23:43 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll 2008-08-14 23:43 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL 2008-08-14 23:43 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll 2008-08-14 22:06 . 2008-08-14 22:06 41,764 --a------ C:\Windows\System32\kek.exe 2008-08-11 00:38 . 2008-08-11 00:38 <DIR> d-------- C:\Windows\PCHEALTH 2008-08-09 00:48 . 2008-08-09 00:48 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-08-09 00:46 . 2008-08-09 00:46 537 --a------ C:\Users\saleiz - Verknpfung.lnk 2008-08-09 00:46 . 2008-08-09 00:46 537 --a------ C:\Users\saleiz - Verknpfung (2).lnk 2008-08-08 13:58 . 2008-08-08 13:58 <DIR> d-------- C:\Users\All Users\Yahoo! Companion 2008-08-08 13:58 . 2008-08-08 13:58 <DIR> d-------- C:\ProgramData\Yahoo! Companion 2008-08-08 09:38 . 2008-08-08 09:38 <DIR> d-------- C:\Program Files\FontFrenzy 2008-08-06 23:03 . 2008-08-06 23:03 <DIR> d-------- C:\Program Files\Windows Installer Clean Up 2008-08-06 23:02 . 2008-08-06 23:02 <DIR> d-------- C:\Program Files\MSECACHE 2008-08-06 06:52 . 2008-08-06 06:52 58,629 --a------ C:\Windows\System32\mpt.exe 2008-08-04 12:33 . 2008-08-04 12:33 <DIR> d-------- C:\Windows\System32\Lang 2008-08-01 06:28 . 2008-08-01 06:28 41,984 --a------ C:\Windows\System32\mpxa.exe 2008-07-22 02:15 . 2008-07-22 02:16 <DIR> d-------- C:\Program Files\Cool Beans NFO Creator 2008-07-20 04:29 . 2008-07-20 04:44 <DIR> d-------- C:\Program Files\FlashFXP 2008-07-19 18:41 . 1997-10-13 20:55 299,008 --a------ C:\Windows\unin0407.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-18 02:13 --------- d-----w C:\Users\saleiz\AppData\Roaming\DMCache 2008-08-17 23:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-17 22:51 --------- d-----w C:\Program Files\Windows Mail 2008-08-17 20:44 --------- d-----w C:\Program Files\Enigma Software Group 2008-08-17 20:01 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-08-17 19:42 --------- d-----w C:\Users\saleiz\AppData\Roaming\uTorrent 2008-08-17 16:59 --------- d-----w C:\Program Files\Lavasoft 2008-08-17 16:03 --------- d-----w C:\ProgramData\avg8 2008-08-17 13:55 2,560 ----a-w C:\Windows\system32\drivers\mchInjDrv.sys 2008-08-17 01:54 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-17 01:54 --------- d-----w C:\Users\saleiz\AppData\Roaming\Winamp 2008-08-17 01:54 --------- d-----w C:\Program Files\CyberLink 2008-08-17 01:54 --------- d-----w C:\Program Files\acoostic 2008-08-16 23:36 --------- d-----w C:\Users\saleiz\AppData\Roaming\mIRC 2008-08-16 13:28 --------- d-----w C:\Users\saleiz\AppData\Roaming\BSplayer PRO 2008-08-16 11:20 --------- d-----w C:\Users\saleiz\AppData\Roaming\SolidWorks 2008-08-14 22:53 --------- d-----w C:\ProgramData\Microsoft Help 2008-08-10 12:35 --------- d-----w C:\Program Files\Winamp 2008-08-08 11:52 --------- d-----w C:\Program Files\Stardock 2008-08-07 19:27 --------- d-----w C:\Program Files\Google 2008-08-07 08:33 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-06 23:01 --------- d-----w C:\Program Files\CCleaner 2008-08-06 22:18 --------- d-----w C:\Users\saleiz\AppData\Roaming\Vso 2008-07-30 18:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-07-24 04:46 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-07-22 00:26 --------- d-----w C:\Users\saleiz\AppData\Roaming\U3 2008-07-20 02:26 --------- d---a-w C:\ProgramData\TEMP 2008-07-19 00:31 --------- d-----w C:\Program Files\QuickTime 2008-07-18 18:02 --------- d-----w C:\Users\saleiz\AppData\Roaming\Skype 2008-07-18 14:01 --------- d-----w C:\Users\saleiz\AppData\Roaming\skypePM 2008-07-17 14:01 32 ----a-w C:\Users\All Users\ezsid.dat 2008-07-17 14:01 32 ----a-w C:\ProgramData\ezsid.dat 2008-07-14 22:58 --------- d-----w C:\Users\saleiz\AppData\Roaming\FTPRush 2008-07-14 22:36 --------- d-----w C:\Program Files\FTPRush 2008-07-14 16:56 --------- d-----w C:\Program Files\SmartFTP Client 2008-07-14 16:54 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files 2008-07-14 16:25 --------- d-----w C:\ProgramData\FlashFXP 2008-07-14 12:00 --------- d-----w C:\Program Files\Common Files\Deterministic Networks 2008-07-14 06:24 --------- d-----w C:\Program Files\Lexmark 2200 Series 2008-07-14 02:00 --------- d-----w C:\Program Files\Analog Devices 2008-07-14 01:34 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-07-14 01:34 315,392 ----a-w C:\Windows\HideWin.exe 2008-07-14 01:34 --------- d-----w C:\Program Files\Realtek 2008-07-11 15:49 --------- d-----w C:\Program Files\MATLAB71 2008-07-11 15:04 --------- d-----w C:\Program Files\MagicDisc 2008-07-10 18:09 --------- d-----w C:\Program Files\Safari 2008-07-09 23:01 --------- d-----w C:\ProgramData\Stardock 2008-07-09 10:12 --------- d-----w C:\Program Files\Microsoft Games 2008-07-09 10:12 --------- d-----w C:\Program Files\BitLocker 2008-07-09 10:01 --------- d-----w C:\Program Files\Microsoft SQL Server 2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Vorlagen 2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Startmenü 2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Favoriten 2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Dokumente 2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Anwendungsdaten 2008-07-09 06:03 --------- d-sh--w C:\Program Files\Gemeinsame Dateien 2008-07-09 01:37 --------- d-----w C:\Users\saleiz\AppData\Roaming\Ipswitch 2008-07-09 01:36 --------- d-----w C:\Users\saleiz\AppData\Roaming\Academic Software Zurich 2008-07-09 01:34 --------- d-----w C:\Users\Gast\AppData\Roaming\Thunderbird 2008-07-09 01:34 --------- d-----w C:\Users\Gast\AppData\Roaming\Ipswitch 2008-07-09 00:51 --------- d-----w C:\ProgramData\McAfee 2008-07-09 00:51 --------- d-----w C:\ProgramData\Malwarebytes 2008-07-09 00:51 --------- d-----w C:\ProgramData\Macrovision 2008-07-09 00:51 --------- d-----w C:\ProgramData\IsolatedStorage 2008-07-09 00:51 --------- d-----w C:\ProgramData\Ipswitch 2008-07-09 00:51 --------- d-----w C:\ProgramData\iOpus-i-M 2008-07-09 00:51 --------- d-----w C:\ProgramData\FLEXnet 2008-07-09 00:51 --------- d-----w C:\ProgramData\DassaultSystemes 2008-07-09 00:51 --------- d-----w C:\ProgramData\CyberLink 2008-07-09 00:51 --------- d-----w C:\ProgramData\CheckPoint 2008-07-09 00:50 --------- d-----w C:\ProgramData\Apple Computer 2008-07-09 00:50 --------- d-----w C:\ProgramData\Apple 2008-07-09 00:50 --------- d-----w C:\ProgramData\Adobe Systems 2008-07-09 00:49 --------- d-----w C:\Program Files\Zend 2008-07-09 00:49 --------- d-----w C:\Program Files\ZDF 2008-07-09 00:49 --------- d-----w C:\Program Files\YourWare Solutions 2008-07-09 00:49 --------- d-----w C:\Program Files\YASAVideoEncoder 2008-07-09 00:49 --------- d-----w C:\Program Files\Yamicsoft 2008-07-09 00:49 --------- d-----w C:\Program Files\Yahoo! 2008-07-09 00:49 --------- d-----w C:\Program Files\Wireshark 2008-07-09 00:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-07-09 00:46 --------- d-----w C:\Program Files\PowerISO 2008-07-09 00:46 --------- d-----w C:\Program Files\PowerDataRecovery 2008-07-09 00:46 --------- d-----w C:\Program Files\PHP 2008-07-09 00:46 --------- d-----w C:\Program Files\Paragon Software 2008-07-09 00:46 --------- d-----w C:\Program Files\Panda Security 2008-07-09 00:46 --------- d-----w C:\Program Files\PacificPoker4 2008-07-09 00:44 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-07-09 00:44 --------- d-----w C:\Program Files\Microsoft SDKs 2008-07-09 00:43 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-07-09 00:43 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-07-09 00:43 --------- d-----w C:\Program Files\Media Player Classic 2008-07-09 00:43 --------- d-----w C:\Program Files\Media Pirate 2008-07-09 00:43 --------- d-----w C:\Program Files\Maxthon2 2008-07-09 00:43 --------- d-----w C:\Program Files\Maketorrent 2 2008-07-09 00:43 --------- d-----w C:\Program Files\MagicISO 2008-07-09 00:43 --------- d-----w C:\Program Files\Macromedia 2008-07-09 00:42 --------- d-----w C:\Program Files\LowRateVoip 2008-07-09 00:42 --------- d-----w C:\Program Files\KeyLog 2008-07-09 00:42 --------- d-----w C:\Program Files\K-Lite Codec Pack . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 Hinweis leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{384de036-63c8-4f7a-bea4-2a3d957925d5}"= "C:\Program Files\acoostic\tbacoo.dll" [2007-11-08 13:11 1502232] [HKEY_CLASSES_ROOT\clsid\{384de036-63c8-4f7a-bea4-2a3d957925d5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{384de036-63c8-4f7a-bea4-2a3d957925d5}] 2007-11-08 13:11 1502232 --a------ C:\Program Files\acoostic\tbacoo.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{384de036-63c8-4f7a-bea4-2a3d957925d5}"= "C:\Program Files\acoostic\tbacoo.dll" [2007-11-08 13:11 1502232] [HKEY_CLASSES_ROOT\clsid\{384de036-63c8-4f7a-bea4-2a3d957925d5}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{384DE036-63C8-4F7A-BEA4-2A3D957925D5}"= "C:\Program Files\acoostic\tbacoo.dll" [2007-11-08 13:11 1502232] [HKEY_CLASSES_ROOT\clsid\{384de036-63c8-4f7a-bea4-2a3d957925d5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-09 00:04 2562560] "LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [2008-01-25 19:51 8897848] "Nonoh"="C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" [2008-06-25 17:01 8929056] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 02:21 815104] "DMHotKey"="C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-28 01:45 466944] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 18:47 1232152] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-29 08:40 1167360] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-30 11:04 131072] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-30 11:04 147456] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-30 11:04 126976] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632] C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-09 00:48:54 3581680] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ TB-Tray.lnk - C:\Program Files\Thunderbird-Tray\TBTray.exe [2005-11-08 22:02:44 38912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "NoHotStart"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe::Enabled:FlashFXP v3 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{2190D275-5E1D-468D-A05A-4C25CAC12605}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{A34C1648-C0D0-45C0-ADC5-89B12B89A8E3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "UDP Query User{1662D5D3-4D86-4BEA-9570-F106AC574B1F}C:\\users\\saleiz\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\saleiz\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe "TCP Query User{36C53DA3-291C-45A9-A5C0-378E04285FB7}C:\\users\\saleiz\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\saleiz\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe "UDP Query User{6872C8C6-4B8B-4F7B-AF42-7997964AC4C1}C:\\program files\\nx client for windows\\bin\\nxssh.exe"= TCP:C:\program files\nx client for windows\bin\nxssh.exe:nxssh "TCP Query User{89C461ED-9401-4B32-B2BE-78960A537C62}C:\\program files\\nx client for windows\\bin\\nxssh.exe"= UDP:C:\program files\nx client for windows\bin\nxssh.exe:nxssh "UDP Query User{B9EDE479-B5B7-44E6-B049-0AAE589384A4}C:\\program files\\nx client for windows\\nxclient.exe"= TCP:C:\program files\nx client for windows\nxclient.exe:nxclient "TCP Query User{0CDF0F14-73E5-4DBA-B114-C1BCC1428B7B}C:\\program files\\nx client for windows\\nxclient.exe"= UDP:C:\program files\nx client for windows\nxclient.exe:nxclient "{3E226A50-91E2-4759-B4A2-51A566A6F80B}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{9960C9FB-A9B1-4243-A14D-023119A5F525}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0 "UDP Query User{3CF8A1B2-5C27-45E1-A990-71038BC21BE5}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime "TCP Query User{4E8204F0-0BBC-4EAD-9984-1FB0DE26045D}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime "UDP Query User{45B8872D-4E20-4A2F-B003-725BD7CCADCE}C:\\folding\\mpiexec.exe"= TCP:C:\folding\mpiexec.exe:mpiexec "TCP Query User{F15462FD-E7D3-463F-A83C-205F33C096E4}C:\\folding\\mpiexec.exe"= UDP:C:\folding\mpiexec.exe:mpiexec "UDP Query User{271D6947-4BE4-4F35-A7E2-95F4385733A7}C:\\folding\\smpd.exe"= TCP:C:\folding\smpd.exe:smpd "TCP Query User{5B12712A-9444-4D80-B668-E824F3786848}C:\\folding\\smpd.exe"= UDP:C:\folding\smpd.exe:smpd "UDP Query User{9A08ADB4-926F-4DD2-9C15-7321ABFA371B}C:\\folding\\mpiexec.exe"= TCP:C:\folding\mpiexec.exe:mpiexec "TCP Query User{74156E50-89D6-4D7C-AEB4-C3A9145D35F6}C:\\folding\\mpiexec.exe"= UDP:C:\folding\mpiexec.exe:mpiexec "UDP Query User{9DCE5668-09BB-40B6-9A27-190096B9AAEF}C:\\windows\\system32\\smpd.exe"= TCP:C:\windows\system32\smpd.exe:smpd "TCP Query User{281E30DD-C28D-4064-86DC-C1EC94E89B4B}C:\\windows\\system32\\smpd.exe"= UDP:C:\windows\system32\smpd.exe:smpd "UDP Query User{02F3D54C-4C8D-4413-A3EE-A0831EEC2A1E}C:\\windows\\system32\\mpiexec.exe"= TCP:C:\windows\system32\mpiexec.exe:mpiexec "TCP Query User{D44AABDD-A339-4DE9-A506-DE4083EAF6CF}C:\\windows\\system32\\mpiexec.exe"= UDP:C:\windows\system32\mpiexec.exe:mpiexec "UDP Query User{BF5FE22C-5BF7-4364-B70B-8933B0922C1F}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= TCP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC "TCP Query User{2802D56C-CF58-44D1-802A-744C0BE6DA4E}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= UDP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC "UDP Query User{9DEBB28E-1347-4A94-B80D-5A3BA202A50E}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= TCP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC "TCP Query User{CF1FC218-2B43-42D6-AB4F-1F5D9B20F1BE}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= UDP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC "UDP Query User{E5DFE76C-C0F7-41BC-AD74-A90F7FF8926E}D:\\e-document\\mirc\\2448script\\mirc.exe"= TCP:D:\e-document\mirc\2448script\mirc.exe:mIRC "TCP Query User{230D6A69-AC7B-44AB-B68C-45192854AC6B}D:\\e-document\\mirc\\2448script\\mirc.exe"= UDP:D:\e-document\mirc\2448script\mirc.exe:mIRC "{671045B1-F47C-41BD-911A-5BD9664CBAA9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{BF162738-B13C-4EC2-97AC-F8AE06B72921}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{BF0B4BAE-3135-473F-980A-5BC69F6ECD42}"= TCP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh "{28DB6FCF-AA97-4902-B266-7744FE970465}"= UDP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh "{73A737A3-32CC-40AC-A878-B90874BCF0D9}"= TCP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh "{EE2BBCBF-1CA7-4CCD-B9B1-630902DC4845}"= UDP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh "UDP Query User{A0A8755B-0DF6-4A34-82FE-BF8BCFF7704B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{D3956F91-8007-4D4A-AC25-866DB1488C55}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{03C63FDB-3E13-4BF5-ADD7-55A9DD4BA92E}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application "TCP Query User{C428803E-DD25-496F-8B48-BDECABB5898A}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application "{7321C94C-4A94-4AFE-B93D-40D5FBC448FF}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster "{5ED499B0-8708-4D5B-B9B3-F7810D84FDED}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster "UDP Query User{A7E13DB6-206F-4E77-A3E5-938AADC77BD2}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= TCP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test "TCP Query User{27122A77-F52D-4496-A503-05061DE9C034}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= UDP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test "UDP Query User{38A76113-B692-4A4F-9251-30B8019A464C}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= TCP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test "TCP Query User{FF9D4450-B9F6-473B-BE77-586B7168B96A}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= UDP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test "{B90FE429-B9C3-44D1-8D57-93E49A827EEB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{7A8FE5C2-5865-44CE-B3DA-9A429A522B6F}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "UDP Query User{2335B5E9-0C87-487F-B6BF-DEA3E794607E}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= TCP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe "TCP Query User{71472E31-D30B-4630-BCE8-0EA25BAD3E6B}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= UDP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe "{432CDA47-6543-4F28-99BA-D89679B2C39F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "UDP Query User{C438A985-FE6D-4831-9988-4419FAB6EB90}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application "TCP Query User{7887526A-B70F-409D-858A-5B7B5BF4C2B0}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application "UDP Query User{F0EBB45B-0984-4506-B0B4-47008FB26A3D}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application "TCP Query User{F81C551F-6FB4-40A6-9EF3-2EF86A97B7EC}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application "UDP Query User{1F8D100C-0197-468E-901F-4FD826479A98}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application "TCP Query User{06C4EDA9-A953-44D6-B5AB-FEDB065A089C}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application "{022562C1-482F-4E6E-B4CA-64B40C70C2B2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{F8BA7BED-EF67-43C9-B619-C43CCB3DD165}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{B8D6E19B-ED2B-407D-B424-1F932513DF6A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{5E12F022-AD5D-4C30-BCDF-97D6ABAA35A1}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{78FF79AF-7138-44CC-AAE1-0107D2D62741}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{09998FC3-C318-4BFE-9FB6-1DA54A643582}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{E3465475-39E5-486C-B79A-E01DC96EE1AB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{017C0FC8-2C75-410C-8CEC-0F5DB1CDC688}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{8B38C591-86AA-4AC5-BF1B-8D86EA30F967}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "UDP Query User{666EC2E2-48B2-4FD4-8340-18B39D154E58}D:\\instantrails-2.0-win\\ruby\\bin\\ruby.exe"= TCP:D:\instantrails-2.0-win\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "TCP Query User{8572108F-3DCC-4484-9E1B-34DC99DA09CE}D:\\instantrails-2.0-win\\ruby\\bin\\ruby.exe"= UDP:D:\instantrails-2.0-win\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "UDP Query User{015FE75F-BB7C-44F8-AB1E-39FFA161710C}D:\\instantrails-2.0-win\\apache\\apache.exe"= TCP:D:\instantrails-2.0-win\apache\apache.exe:Apache "TCP Query User{D1C20E12-A85A-46AC-A146-912EB9CD800F}D:\\instantrails-2.0-win\\apache\\apache.exe"= UDP:D:\instantrails-2.0-win\apache\apache.exe:Apache "UDP Query User{B1926648-4FAD-4163-9DCB-458270EF9246}D:\\apache\\ruby\\bin\\ruby.exe"= TCP:D:\apache\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "TCP Query User{A15F7E20-E100-4BD5-895A-238FA761E8E9}D:\\apache\\ruby\\bin\\ruby.exe"= UDP:D:\apache\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "UDP Query User{8FA441D9-DFE9-4A9E-BC06-3B5B95A1333A}D:\\work station\\ruby\\bin\\ruby.exe"= TCP:D:\work station\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "TCP Query User{BAC8B222-A351-4018-B7A0-4EAFAC5660EE}D:\\work station\\ruby\\bin\\ruby.exe"= UDP:D:\work station\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "UDP Query User{E0ECFD8E-B617-477E-894A-1AB943C3569C}C:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:C:\aptana\aptana studio\jre\bin\javaw.exe:Java™ Platform SE binary "TCP Query User{A3F25375-5F1A-4A18-8587-74A47740B083}C:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:C:\aptana\aptana studio\jre\bin\javaw.exe:Java™ Platform SE binary "UDP Query User{DA69BCC6-6267-4A22-85AB-B9B801E03F42}C:\\program files\\bitnami rubystack\\ruby\\bin\\ruby.exe"= TCP:C:\program files\bitnami rubystack\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "TCP Query User{E65E2548-0020-4D68-A488-03FC33C0358F}C:\\program files\\bitnami rubystack\\ruby\\bin\\ruby.exe"= UDP:C:\program files\bitnami rubystack\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32] "UDP Query User{0F17CBBF-E746-42CD-9732-549F882126DB}C:\\program files\\bitnami rubystack\\apache2\\bin\\httpd.exe"= TCP:C:\program files\bitnami rubystack\apache2\bin\httpd.exe:Apache HTTP Server "TCP Query User{B0BFF1BE-7B86-49C9-9D06-D669B0320351}C:\\program files\\bitnami rubystack\\apache2\\bin\\httpd.exe"= UDP:C:\program files\bitnami rubystack\apache2\bin\httpd.exe:Apache HTTP Server "{298132F9-0810-464E-97CD-45B549A1E882}"= UDP:3306:mysql "{F4E023D7-92B8-4425-8624-9518E975F1A8}"= TCP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System "{AF59B1D8-34FA-4529-9D6E-74D81AB21FDF}"= UDP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System "UDP Query User{87A3B2EC-4A56-4C81-8FC3-9516157BFF54}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= TCP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32 "TCP Query User{2EE9AA1A-5D47-461F-80A0-0517D84AF37A}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= UDP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32 "UDP Query User{C547C190-A5D8-41A8-AD08-A4BD1329D604}C:\\program files\\zend\\zendstudio-5.5.0\\jre\\bin\\javaw.exe"= TCP:C:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe:Java™ 2 Platform Standard Edition binary "TCP Query User{52829669-FFC8-484F-9048-DFA6D246A0FA}C:\\program files\\zend\\zendstudio-5.5.0\\jre\\bin\\javaw.exe"= UDP:C:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe:Java™ 2 Platform Standard Edition binary "UDP Query User{D975C1D4-A1C9-48E3-87AF-E3DC27F5D8F5}D:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server "TCP Query User{44F0D3D9-9FE1-492F-BA08-516D9E7A10BF}D:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server "UDP Query User{C5D174F4-D5B9-41E6-8907-3B8DA210990A}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader "TCP Query User{74AB5C78-A20D-4B31-9FF3-E122051E5EEF}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader "{7C725B5A-F58A-4B3F-A704-D48CAF05D38F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{24881520-20F6-4B70-9151-2885EBA28CE4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{20DD4C3A-B692-4712-B4CC-2E2E5EF49C10}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{79F7D602-1FCE-4E22-8757-5394032230B4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "UDP Query User{5D6561C9-925F-43A6-8EDE-4053C38F259B}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= TCP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe "TCP Query User{B29D04B7-EF00-4EA8-8FBE-A6667A62560D}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= UDP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe "UDP Query User{F72D574D-6846-459F-A7EA-EE9AA3200785}C:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:C:\program files\yahoo!\messenger\yserver.exe:YServer Module "TCP Query User{7510F8B2-C79D-49C8-8E63-1A508834D8C4}C:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:C:\program files\yahoo!\messenger\yserver.exe:YServer Module "UDP Query User{930ECA3B-98C3-46FB-84AB-022F38B46E87}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando "TCP Query User{DB336135-2CA6-4BBC-AC95-A4A7453B6BDC}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando "UDP Query User{C476947C-8A05-4E40-8ADE-C367F37280DE}C:\\program files\\sparvoip\\sparvoip.exe"= TCP:C:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls. "TCP Query User{4D7DBC62-F73C-4969-A74B-E143C819B35C}C:\\program files\\sparvoip\\sparvoip.exe"= UDP:C:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls. "{35DCDE63-690F-449A-A0D0-1C879FA70CE1}"= TCP:C:\Program Files\SparVoip\SparVoip.exe:SparVoip "{98B6B260-3C00-4390-94CA-6B984998CA2A}"= UDP:C:\Program Files\SparVoip\SparVoip.exe:SparVoip "UDP Query User{0E5852BC-6F8A-4B3B-BA43-AE3F935B87FA}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe "TCP Query User{931A0AC0-B1E0-47C4-8F36-B4546BB8F4DB}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe "UDP Query User{BC4E2D0A-C993-4BC0-A5FB-A207057E0BBC}C:\\program files\\lowratevoip\\lowratevoip.exe"= TCP:C:\program files\lowratevoip\lowratevoip.exe:Client to make VoIP calls. "TCP Query User{0B3595F1-D568-42BE-8B93-DA3FCDB53552}C:\\program files\\lowratevoip\\lowratevoip.exe"= UDP:C:\program files\lowratevoip\lowratevoip.exe:Client to make VoIP calls. "UDP Query User{D7F7F14B-4B1E-4141-8630-A1F2663B6E15}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "TCP Query User{816F875E-AF28-4CB6-ACA5-2B4F32F6C849}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger "{FF73F96E-B1CD-4AAE-B157-68A0A0AB60FB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{8CFAC65B-8BDA-469B-BC31-13C98C99F9C1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "UDP Query User{0F058EEC-FFA7-4557-B018-F69FCFF8144E}C:\\program files\\samsungplayer\\ps_olect.exe"= TCP:C:\program files\samsungplayer\ps_olect.exe:ps_olect "TCP Query User{584C8E20-B972-43CB-AFCE-4353B97F4AB8}C:\\program files\\samsungplayer\\ps_olect.exe"= UDP:C:\program files\samsungplayer\ps_olect.exe:ps_olect "{7670FA25-BDAD-4B06-A8BA-34CC5E8660B0}"= TCP:C:\Program Files\LowRateVoip\LowRateVoip.exe:LowRateVoip "{66803885-EC7E-4D2C-918C-9043D1E08074}"= UDP:C:\Program Files\LowRateVoip\LowRateVoip.exe:LowRateVoip "UDP Query User{A5631CCF-4653-47BD-96BA-32FAFFE7529E}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe "TCP Query User{EA9D3F2A-32EC-4BB7-8E1E-1EACC6B63E50}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe "{C73DE61F-C658-4405-BA84-984FF4CDA571}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{26FD02F3-BC84-4B9F-8500-DE5BB1D9B87F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{C07C6937-0035-44A8-A31D-51F131678A0D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{9A08F3DE-F69C-40B5-B780-78B8522D70DC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{7DEB1697-FAEA-4A73-B305-30583DF080EB}"= TCP:6004\|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{06C8B900-A7C3-4F5D-B647-4DF21F524AD0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{83BD13AD-C541-49E0-ADA5-53D146B11E4B}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client "{89C10EE7-DCDE-48C8-AD8D-AD1A48935F1A}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client "{F63E9C8C-7459-42F3-BBF1-FFE20550B156}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk "{32AEED7E-E567-46CF-AC9E-EBC4BF518117}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk "{73315980-C296-4D1D-810D-B0C4D401E496}"= UDP:C:\Windows\System32\mpxa.exe:mpxa "{4A9361C7-83C1-49AE-B63B-43BEB469B944}"= TCP:C:\Windows\System32\mpxa.exe:mpxa "{21C72D4F-872E-44DC-A450-72EEB66DA45C}"= UDP:C:\Users\saleiz\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{98F0748A-4922-4E64-A15D-62E05D04A7EE}"= TCP:C:\Users\saleiz\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{05E440F8-2526-4764-9222-9BB159B6E5AF}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe::Enabled:FlashFXP v3 R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-03-07 13:16] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-03 18:47] R1 mchInjDrv;madCodeHook DLL injection driver;C:\Windows\system32\Drivers\mchInjDrv.sys [2008-08-17 15:55] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24] R2 Apache2.2;Apache2.2;D:\Apache\bin\httpd.exe [2007-09-05 09:59] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-17 17:36] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 18:47] R2 BcmSqlStartupSvc;SQL Server-Startdienst für Business Contact Manager;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 10:51] R2 lxbv_device;lxbv_device;C:\Windows\system32\lxbvcoms.exe [2007-04-25 14:18] R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;C:\Folding\smpd.exe [2007-01-31 20:29] R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 22:22] R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2007-12-17 12:53] R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-17 17:36] S2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [2006-03-24 23:34] S2 gupdate1c8f6f592fa0b60;Google Update Service (gupdate1c8f6f592fa0b60);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-05 14:19] S2 vvdsvc;VJVodServices;C:\Windows\System32\svchost.exe [2008-01-21 04:21] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08] S3 PCANDIS4;PCANDIS4 Protocol Driver;C:\Program Files\Ugutil\program\PCANDIS4.SYS [2001-04-19 04:26] S3 RTCore32;RTCore32;C:\Program Files\RMClock\RTCore32.sys [2005-05-25 10:39] S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 14:37] S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21] S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ vvdsvc REG_MULTI_SZ vvdsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Inhalt des "geplante Tasks" Ordners 2008-08-18 C:\Windows\Tasks\GoogleUpdateTask.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-05 14:19] 2008-08-18 C:\Windows\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe [2008-08-17 16:35] 2008-08-17 C:\Windows\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe [2008-08-17 16:35] 2008-07-11 C:\Windows\Tasks\Upload Weeds.job - C:\Program Files\Ipswitch\WS_FTP Professional\wsftppro.exe [2007-12-07 13:38] 2007-05-18 C:\Windows\Tasks\User_Feed_Synchronization-{6DB62E65-AEE8-463C-AE41-01F830DFEFF9}.job - C:\Windows\system32\msfeedssync.exe [2008-01-21 04:23] . . ------- Zus„tzlicher Scan ------- . FireFox -: Profile - C:\Users\saleiz\AppData\Roaming\Mozilla\Firefox\Profiles\ssoct25g.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bootleggers.us/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\Google\Update\1.2.121.17\npGoogleOneClick.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-18 04:19:32 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Eintr„ge... Scanne versteckte Dateien... C:\Windows\TEMP\4cb741b6-cd16-4588-bcd8-4acf613b2c4a.tmp 0 bytes C:\Windows\TEMP\9858f926-6195-4bb3-802f-510b6bcd9237.tmp 0 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EB7B022\dnserrordiagoff_webOC[1] 6914 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EB7B022\errorPageStrings[2] 978 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EB7B022\info_48[1] 6993 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3QA69EQ\ErrorPageTemplate[1] 2168 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1HF3Q3C\background_gradient[2] 453 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1HF3Q3C\httpErrorPagesScripts[3] 7579 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4OXVDJH\bullet[4] 3169 bytes C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4OXVDJH\down[1] 3414 bytes Scan erfolgreich abgeschlossen versteckte Dateien: 10 ********************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- Prozess: C:\Windows\Explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Weitere, laufende Prozesse ------------------------ . C:\Windows\System32\audiodg.exe C:\Program Files\Sygate\SPF\Smc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\System32\LEXBCES.EXE C:\Windows\System32\LEXPPS.EXE C:\Windows\System32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\iFtpSvc\iFtpSvc.exe D:\Apache\MySQL\bin\mysqld-nt.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe C:\Windows\System32\WUDFHost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Windows\System32\UI0Detect.exe C:\Windows\System32\conime.exe C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe C:\Windows\System32\igfxext.exe C:\Windows\System32\igfxsrvc.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\System32\UI0Detect.exe . ************************************************************************ . Zeit der Fertigstellung: 2008-08-18 4:34:44 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-08-18 02:34:17 Pre-Run: 7,585,656,832 Bytes frei Post-Run: 6,812,024,832 Bytes frei 472 --- E O F --- 2008-08-14 22:53:27

Yourhighness View Member Profile	Sep 4 2008, 03:29 PM Post #10
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,644 Joined: 20-April 06 From: Hamburg Member No.: 64,788	hi slumbermann, QUOTE Thank you for your reply, i've uninstalled Online Poker as i dont really use it. Regarding CCleaner, i find it really usefull for cleaning up my temporary data and some unuse things. But if you say it not good for the pc overall performance, could you please advice me what how can i keep my data clean, not filled up with unneccessary things, because its sometimes goes up to 2Gb of waste junk. I cannot and will not force you to uninstall CCleaner, I am just trying to point out its dangers. A safer tool would be something like this: ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main "Select Files to Delete" choose: Select All. Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. QUOTE ...view 3D model in various sites... Do you know the file extensions for those models? That would help. Please do this next: Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. Please download SDFix by AndyManchesta and save it to your desktop. When using this tool, you must use the Administrator's account* or an account with "Administrative rights"* Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet. Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Open the SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Copy and paste the contents of the results file Report.txt in your next replyalong with a new HijackThis log. -- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..." Please go to Start Menu > Run > and copy/paste the following line: %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg Press Ok and then run SDFix again. -- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe. %SystemRoot%\system32\cmd.exe Thanks! -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE -

slumbermann View Member Profile	Sep 4 2008, 04:19 PM Post #11
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	Hi Yourhighness, Thank a lot for your recommendation, i will take a look at that. but basically, all you are saying, ccleaner is not good for the registry part. But other than that, its will cause no danger rite? cause all the program doing is uninstall software, or control the startup n clean up browser/apps unneeded files. I tried downloading SDFix, n install it onto C:\ but when i reboot to Safe Mode, and then try to run RunThis.bat by double clicking or using command prompt. I will see for short time a blue screen windows opening, then disappear. So i dont really have the chance to press "Y" key or do anything. and after reboot, i see not Report.txt too. So i think the software can't run on my system. Are you sure the SDFix support Vista operating system? cause all i can see in SDFix folder is XP_VirusAlert_Repair and W2K_VirusAlert_Repair. But i still run the HJT one more time and below are the log. Could you tell me what you still suspect still in my pc from my previous log? I begin to wonder cause you keep giving me solution without telling me the cause. But i really appreciate your help up till now... Thank you very much... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:11:31, on 2008-09-04 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Athan\Athan.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\LowRateVoip\LowRateVoip.exe C:\Program Files\Nonoh.net\Nonoh\nonoh.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Users\saleiz\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Thunderbird-Tray\TBTray.exe C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Windows\system32\igfxext.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\saleiz\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe -- End of file - 17148 bytes

Yourhighness View Member Profile	Sep 7 2008, 04:40 AM Post #12
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,644 Joined: 20-April 06 From: Hamburg Member No.: 64,788	hi, i have not forgotten you. sorry for the delay. I was kind of busy and had to format my pc once again. I shall reply asap. Thanks! -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE -

slumbermann View Member Profile	Sep 7 2008, 10:14 PM Post #13
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	okay... i hope i wont need that.. Cheers, Thank you

Yourhighness View Member Profile	Sep 8 2008, 02:06 AM Post #14
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,644 Joined: 20-April 06 From: Hamburg Member No.: 64,788	Hi slumbermann, sorry bout SDFix. For a second I forgot that you have Vista . I was going to see if you have still some indications of this on your pc. Next, I wanted to pass on this information to you: Please note that you are infected with a trojan or a Backdoor. Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately: Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... (Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information). Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall? However, since the infection looks relatively small from first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that can occur with files like these on your pc). Should you have any questions, please feel free to ask. Now, on to the fix. Step #1 Please download Superantispyware Load Superantispyware and click the check for updates button. Once the update is finished click the scan your computer button. Check Perform Complete Scan and then next. Superantispyware will now scan your computer and when its finished it will list all the infections it has found. Make sure that they all have a check next to them and press next. Click finish and you will be taken back to the main interface. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear. Copy and paste the log onto the forum. Step #2 Please go to Eset Onlinescan (NOD32) (You need to use InternetExplorer or enable IEView in Firefox) You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use Now click Start Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes Click Start (the Onlinescanner will now prepare itself for running on your pc) To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications" Press Scan The Onlinescan will now start and scan your pc (this could take a while) When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt The Scanresults will now open in Notepad Click into the text area, right-click and chose "select all" (or use ctrl+a) Right-click again and chose "copy" (or ctrl+c) Close Notepad Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created. Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.) Step #3 Please post back with the logs. Thanks! -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE -

slumbermann View Member Profile	Sep 8 2008, 02:37 AM Post #15
New Member Group: Members Posts: 12 Joined: 17-August 08 Member No.: 230,801	Regarding the NOD32 online scanner. I have the NOD32 Smart Suite installed on my system... Can i just use that? cause after all... its the same provider... or still i need to use the online scanner ?

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 08:05 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides