
Infected : Spyware/virus, Not Sure


10 replies to this topic

#1 Dinamit04


Posted 02 August 2007 - 08:40 AM

Hello,
I have a laptop and have recently noticed that it is starting to slow down. My computer also started rebooting, sometimes shutting down on its own. I also got pop-ups saying: "Notice, your computer keeps track of all the adult sites you visited and may result in corrupting your career and marriage" or something like that, I'm not sure; then it asks me if I want to download DriveCleaner to remove the tracks my computer leaves behind. I have Kaspersky antivirus on my computer and keep it updated. Those things happened after Kaspersky told me that my computer has been attacked from the internet from a specific IP address but has been repelled. I also use and update Spybot daily and don't get any results, but after this, I got results such as smitfraud, doubleclick, virtumonde, reliablestats, Winsoftware.WinAntiVirusPro 2006, and Winsoftware. I fix the results with Spybot but they keep reappearing when I search again after a while. Also, when my antivirus does its daily computer scan, sometimes it finds infected files. Please, can someone help me?

Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:10:20 PM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Folder Lockbox\flockbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\WISPTIS.EXE
D:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [flockbox] D:\Program Files\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\djumfrlc.dll",forkonce
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A5D92B-8372-4FA1-98A9-5D5D29212694}: NameServer = 212.14.234.36 213.244.72.31
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
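As an added illustration that is not part of the thread and not a HijackThis feature: a small Python triage script over lines in the same format as the logs posted in this thread. It lists the entry types a helper reads first (an O4 autostart that runs rundll32 on a DLL, Winlogon Notify and BHO entries whose DLL is missing or oddly named, and static O17 name servers) as items to review, not as verdicts; the 7-9 letter filename heuristic and the `Finding` structure are my own assumptions.

```python
"""Triage helper for HijackThis-format log lines (added illustration).

Not part of the thread or of HijackThis itself: it reads the same line
format as the logs posted here and lists entries a helper looks at first.
Everything it reports is a "review this" item, never a verdict.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4", "O20"
    line: str      # the log line that triggered the finding
    reason: str    # why a helper would look at it


# Heuristic (my assumption, not a HijackThis rule): Vundo-family droppers of
# this era wrote DLLs with generated 7-9 letter names into system32, such as
# djumfrlc.dll and tuvutrp.dll in the logs of this thread.
GENERATED_NAME = re.compile(r"^[a-z]{7,9}\.dll$", re.IGNORECASE)

O4_RUNDLL = re.compile(
    r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] '
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O2_BHO = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O17_DNS = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d. ]+)$")
MISSING = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)


def basename_of(path: str) -> str:
    """Last path component, with HijackThis' trailing '(file missing)' note removed."""
    path = MISSING.sub("", path).strip()
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(lines):
    """Return the Finding list for an iterable of HijackThis log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RUNDLL.match(line)
        if m:
            # rundll32 autostarts are how Vundo loaded its DLL at logon.
            name = basename_of(m.group("dll"))
            reason = f"autostart [{m.group('key')}] runs rundll32 on {name},{m.group('export')}"
            if GENERATED_NAME.match(name):
                reason += " (generated-looking filename)"
            findings.append(Finding("O4", line, reason))
            continue
        m = O20_NOTIFY.match(line)
        if m:
            path, name = m.group("path"), basename_of(m.group("path"))
            if MISSING.search(path):
                findings.append(Finding("O20", line,
                    f"Winlogon Notify '{m.group('name')}' points at missing {name}; stale entry to clean up"))
            elif "\\" not in path or GENERATED_NAME.match(name):
                # A bare filename resolves via the search path, so the log alone cannot verify it.
                findings.append(Finding("O20", line,
                    f"Winlogon Notify loads {name} by bare or generated-looking name; verify publisher"))
            continue
        m = O2_BHO.match(line)
        if m:
            path = m.group("path")
            if MISSING.search(path):
                findings.append(Finding("O2", line,
                    f"orphaned BHO {m.group('clsid')}: registered DLL is missing"))
            elif m.group("desc") == "(no name)" and "\\system32\\" in path.lower():
                findings.append(Finding("O2", line,
                    f"unnamed BHO loads {basename_of(path)} from system32; verify publisher"))
            continue
        m = O17_DNS.match(line)
        if m:
            servers = ", ".join(m.group("servers").split())
            findings.append(Finding("O17", line,
                f"static DNS servers {servers}; confirm they are the ISP's, not a hijack"))
    return findings


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {30CBA472-5548-4B94-A755-46331FB876AE} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\djumfrlc.dll",forkonce
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A5D92B-8372-4FA1-98A9-5D5D29212694}: NameServer = 212.14.234.36 213.244.72.31
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: tuvutrp - tuvutrp.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```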


#2 Rorschach


Posted 07 August 2007 - 09:12 AM

Hello Dinamit04, sorry for the delay. I'm just looking over your log and will get back to you soon.

#3 Rorschach


Posted 07 August 2007 - 02:27 PM

Hello Dinamit04, my name is Rorschach and I'll be helping you with your problems.


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Next:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So in your next reply please post the following : the VundoFix text, the SmitfraudFix report, the two DSS texts in full, and tell me how your PC is running now and if you had any problems.

#4 Dinamit04


Posted 07 August 2007 - 04:09 PM

First of all, I would like to thank you for replying and for trying to help me with my problems.

I have done what you asked me to, and my computer is running better now, but still slow and jerky at times. The number of times the computer is crashing has greatly reduced also. Here are the logs:

VundoFix Log:


VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:58:01 PM 8/7/2007

Listing files found while scanning....

C:\windows\system32\aavgnutm.ini
C:\windows\system32\bmqoftbv.ini
C:\windows\system32\clrfmujd.ini
C:\windows\system32\djkdnxal.ini
C:\windows\system32\djumfrlc.dll
C:\windows\system32\exfgfvcv.ini
C:\WINDOWS\system32\gebyv.dll
C:\windows\system32\gtbmjkfi.ini
C:\windows\system32\hipyoxio.ini
C:\windows\system32\ifkjmbtg.dll
C:\windows\system32\laxndkjd.dll
C:\WINDOWS\system32\mtungvaa.dll
C:\windows\system32\ngskpfct.dll
C:\windows\system32\oixoypih.dll
C:\windows\system32\tcfpksgn.ini
C:\WINDOWS\system32\tuvutrp.dll
C:\windows\system32\uofbcjru.dll
C:\windows\system32\urjcbfou.ini
C:\windows\system32\vbtfoqmb.dll
C:\windows\system32\vcvfgfxe.dll
C:\WINDOWS\system32\yakjcysv.dll

Beginning removal...

Attempting to delete C:\windows\system32\aavgnutm.ini
C:\windows\system32\aavgnutm.ini Has been deleted!

Attempting to delete C:\windows\system32\bmqoftbv.ini
C:\windows\system32\bmqoftbv.ini Has been deleted!

Attempting to delete C:\windows\system32\clrfmujd.ini
C:\windows\system32\clrfmujd.ini Has been deleted!

Attempting to delete C:\windows\system32\djkdnxal.ini
C:\windows\system32\djkdnxal.ini Has been deleted!

Attempting to delete C:\windows\system32\djumfrlc.dll
C:\windows\system32\djumfrlc.dll Has been deleted!

Attempting to delete C:\windows\system32\exfgfvcv.ini
C:\windows\system32\exfgfvcv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyv.dll Has been deleted!

Attempting to delete C:\windows\system32\gtbmjkfi.ini
C:\windows\system32\gtbmjkfi.ini Has been deleted!

Attempting to delete C:\windows\system32\hipyoxio.ini
C:\windows\system32\hipyoxio.ini Has been deleted!

Attempting to delete C:\windows\system32\ifkjmbtg.dll
C:\windows\system32\ifkjmbtg.dll Has been deleted!

Attempting to delete C:\windows\system32\laxndkjd.dll
C:\windows\system32\laxndkjd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mtungvaa.dll
C:\WINDOWS\system32\mtungvaa.dll Has been deleted!

Attempting to delete C:\windows\system32\ngskpfct.dll
C:\windows\system32\ngskpfct.dll Has been deleted!

Attempting to delete C:\windows\system32\oixoypih.dll
C:\windows\system32\oixoypih.dll Has been deleted!

Attempting to delete C:\windows\system32\tcfpksgn.ini
C:\windows\system32\tcfpksgn.ini Has been deleted!

Attempting to delete C:\windows\system32\uofbcjru.dll
C:\windows\system32\uofbcjru.dll Has been deleted!

Attempting to delete C:\windows\system32\urjcbfou.ini
C:\windows\system32\urjcbfou.ini Has been deleted!

Attempting to delete C:\windows\system32\vbtfoqmb.dll
C:\windows\system32\vbtfoqmb.dll Has been deleted!

Attempting to delete C:\windows\system32\vcvfgfxe.dll
C:\windows\system32\vcvfgfxe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yakjcysv.dll
C:\WINDOWS\system32\yakjcysv.dll Has been deleted!

Performing Repairs to the registry.
Done!


SmitfraudFix Log:

SmitFraudFix v2.209

Scan done at 23:06:52.95, Tue 08/07/2007
Run from C:\Documents and Settings\w\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Folder Lockbox\flockbox.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\w


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\w\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\w\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll,\"C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll\""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{77374797-19F4-497D-9157-4049A7E3769F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{77374797-19F4-497D-9157-4049A7E3769F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{77374797-19F4-497D-9157-4049A7E3769F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


DSS Logs:

Main.txt:

Deckard's System Scanner v20070804.61
Run by w on 2007-08-07 at 23:10:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-08-07 20:10:31 UTC - RP113 - Deckard's System Scanner Restore Point
1: 2007-08-06 11:00:43 UTC - RP112 - Installed Kaspersky Internet Security 6.0.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as w.exe) ---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:13:29 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Folder Lockbox\flockbox.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Documents and Settings\w\Desktop\dss.exe
D:\PROGRA~1\HIJACK~1\w.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30CBA472-5548-4B94-A755-46331FB876AE} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [flockbox] D:\Program Files\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wbsys.dll,"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: tuvutrp - tuvutrp.dll (file missing)
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


-- HijackThis Fixed Entries (D:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070613-124817-620 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 gafwload (GlobeSpan USB ADSL Loader) - c:\windows\system32\drivers\gafwload.sys <Not Verified; GlobeSpan Inc.; GlobeSpan USB ADSL Firmware Loader>
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3301>
S3 ids00026 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00026.sys (file missing)
S3 wanusb (GlobeSpan USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobeSpan Inc.; GlobeSpan WAN ADSL USB Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 AresChatServer (Ares Chatroom server) - d:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-06-09 09:53:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-07 and 2007-08-07 -----------------------------

2007-08-07 23:06:59 3384 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 23:06:13 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-07 23:06:13 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-07 23:06:12 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-07 22:58:01 0 d-------- C:\VundoFix Backups
2007-08-07 12:06:57 713619 ---hs---- C:\WINDOWS\system32\vybeg.ini2
2007-08-06 14:09:38 0 d-------- C:\sierra
2007-08-06 14:01:20 49184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-06 14:01:20 4838432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-06 14:01:20 0 d-------- C:\Program Files\Kaspersky Lab
2007-08-06 14:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-06 13:52:10 0 d-------- C:\kav
2007-08-03 20:57:18 90112 --a------ C:\WINDOWS\system32\hpqnt.dll <Not Verified; Hewlett-Packard Development Company, L.P.; hpqnt Dynamic Link Library>
2007-08-02 15:46:08 0 d-------- C:\Documents and Settings\w\Application Data\AdobeUM
2007-08-02 15:45:36 0 d-------- C:\Documents and Settings\w\Application Data\Adobe
2007-08-02 15:45:34 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-01 13:02:50 0 d-------- C:\Program Files\uTorrent
2007-08-01 10:29:58 724232 --ahs---- C:\WINDOWS\system32\vybeg.bak2
2007-07-31 14:34:02 6466 --ahs---- C:\WINDOWS\system32\vybeg.bak1
2007-07-29 22:02:52 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-07-29 21:36:59 0 d-------- C:\Documents and Settings\w\Application Data\U3
2007-07-27 16:03:51 0 d-------- C:\Program Files\Common Files\Vivendi Universal
2007-07-24 10:57:05 90112 --a------ C:\WINDOWS\system32\gsicon.exe <Not Verified; GlobeSpan, Inc.; DSL Modem>
2007-07-24 10:57:05 250706 --a------ C:\WINDOWS\system32\drivers\gwausb.sys <Not Verified; GlobeSpan Inc.; GlobeSpan WAN ADSL USB Modem>
2007-07-24 10:57:04 16384 --a------ C:\WINDOWS\system32\dslagent.exe
2007-07-24 10:57:04 27083 --a------ C:\WINDOWS\system32\drivers\gafwload.sys <Not Verified; GlobeSpan Inc.; GlobeSpan USB ADSL Firmware Loader>
2007-07-24 10:57:04 25088 --a------ C:\WINDOWS\system32\CoInst.dll
2007-07-24 10:57:01 24576 --a------ C:\WINDOWS\system32\delaySpawn.exe
2007-07-24 10:57:01 0 d-------- C:\Program Files\GlobeSpan
2007-07-24 10:56:31 98304 --a------ C:\WINDOWS\system32\instDll.dll
2007-07-24 10:56:31 110592 --a------ C:\WINDOWS\system32\gspnDll.dll
2007-07-19 23:26:58 0 d-------- C:\Documents and Settings\w\Application Data\InstallShield
2007-07-18 14:51:10 0 d-------- C:\WINDOWS\speech
2007-07-18 14:51:06 0 d-------- C:\WINDOWS\lhsp
2007-07-17 23:41:37 0 d-------- C:\Program Files\SCC-TDS


-- Find3M Report ---------------------------------------------------------------

2007-08-07 19:40:39 0 d-------- C:\Documents and Settings\w\Application Data\uTorrent
2007-08-07 18:39:34 40 --a------ C:\WINDOWS\RSoftInfo.dat
2007-08-03 21:03:03 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-03 20:57:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:06:16 978 --a------ C:\WINDOWS\eReg.dat
2007-08-02 15:45:34 0 d-------- C:\Program Files\Common Files
2007-07-24 12:43:26 0 d-------- C:\Documents and Settings\w\Application Data\IGN_DLM
2007-07-17 04:09:26 0 d-------- C:\Documents and Settings\w\Application Data\Xfire
2007-07-04 00:43:58 0 d-------- C:\Program Files\MSBuild
2007-07-04 00:39:53 0 d-------- C:\Program Files\Reference Assemblies
2007-07-04 00:34:04 0 d-------- C:\Documents and Settings\w\Application Data\iMesh
2007-07-03 21:49:33 0 d-------- C:\Program Files\Common Files\Stardock
2007-06-30 15:34:41 0 d-------- C:\Program Files\GameSpy Arcade
2007-06-23 12:31:43 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-06-23 12:31:34 0 d-------- C:\Program Files\ACD Systems
2007-06-21 15:18:44 280058 --a------ C:\Documents and Settings\w\Application Data\NMM-MetaData.db
2007-06-21 00:32:04 0 d-------- C:\Documents and Settings\w\Application Data\Nokia
2007-06-16 21:49:55 0 d-------- C:\Program Files\Microsoft Games
2007-06-14 00:09:43 0 d-------- C:\Documents and Settings\w\Application Data\Real
2007-06-14 00:08:17 0 d-------- C:\Program Files\Common Files\xing shared
2007-06-14 00:08:16 0 d-------- C:\Program Files\Common Files\Real
2007-06-13 12:26:06 0 d-------- C:\Documents and Settings\w\Application Data\Uniblue
2007-06-07 17:36:15 0 d-------- C:\Program Files\Apple Software Update
2007-06-04 23:09:25 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-05-30 14:54:23 352256 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-05-21 19:41:52 575937 --a------ C:\WINDOWS\[Sas's] - SteaM Uninstaller.exe
2007-05-20 21:16:30 32 --a------ C:\WINDOWS\go
2007-05-19 19:20:45 62 --ahs---- C:\Documents and Settings\w\Application Data\desktop.ini
2007-05-19 16:30:54 0 -rahs---- C:\MSDOS.SYS
2007-05-19 16:30:54 0 -rahs---- C:\IO.SYS
2007-05-19 16:30:54 0 --a------ C:\CONFIG.SYS
2007-05-19 16:30:54 0 --a------ C:\AUTOEXEC.BAT
2007-05-19 16:27:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30CBA472-5548-4B94-A755-46331FB876AE}]
C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 02:06 PM]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/02/2006 03:39 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 10:09 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 10:10 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 10:06 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 10:49 AM]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 03:00 PM C:\WINDOWS\AGRSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/14/2007 12:08 AM]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"flockbox"="D:\Program Files\Folder Lockbox\flockbox.exe" [02/18/2007 03:28 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM]
"GSICONEXE"="GSICON.EXE" [01/31/2002 10:44 PM C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [01/31/2002 10:39 PM C:\WINDOWS\system32\dslagent.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [11/08/2006 06:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"igndlm.exe"="D:\Program Files\Download Manager\DLM.exe" [03/06/2007 12:57 AM]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 01:29 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/15/2006 4:16:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvutrp]
tuvutrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Program Files\AlienGUIse\fastload.dll 12/20/2001 11:34 PM 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132c7d84-1738-11dc-bf12-001302c2b092}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rose.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f59dc8e-0afc-11dc-bee8-001302c2b092}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abea1a18-3e02-11dc-bf8d-001302c2b092}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d765f29c-13f6-11dc-bf0f-001302c2b092}]
AutoRun\command- I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f76d60-0862-11dc-bee2-001302c2b092}]
AutoRun\command- H:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-08-07 at 23:23:16 ---------



Extra.txt:


Deckard's System Scanner v20070804.61
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1015.36 MiB / 642.51 MiB
Pagefile Memory (total/avail): 2441.73 MiB / 2149.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1965.41 MiB

C: is Fixed (NTFS) - 39.06 GiB total, 6.37 GiB free.
D: is Fixed (NTFS) - 35.46 GiB total, 0.15 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
I: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v6.0.1.411 (A)
AV: Kaspersky Internet Security v6.0.1.411 (`)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\Valve\\hl.exe"="D:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="D:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"F:\\Games\\Gunz The Duel\\GunzLauncher.exe"="F:\\Games\\Gunz The Duel\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Ares\\Ares.exe"="D:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"D:\\Program Files\\Counter-Strike\\hl.exe"="D:\\Program Files\\Counter-Strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Program Files\\Counter-Strike\\hlds.exe"="D:\\Program Files\\Counter-Strike\\hlds.exe:*:Enabled:HLDS Launcher"
"D:\\Program Files\\Rockstar Games\\GTA Vice City\\gta-vc.exe"="D:\\Program Files\\Rockstar Games\\GTA Vice City\\gta-vc.exe:*:Enabled:gta-vc"
"D:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"="D:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme:*:Enabled:GunBound"
"D:\\Program Files\\OGPlanet\\BB Tanks\\GAME.exe"="D:\\Program Files\\OGPlanet\\BB Tanks\\GAME.exe:*:Enabled:BBTanks Launcher"
"D:\\Program Files\\Counter Strike 2D\\CounterStrike2D.exe"="D:\\Program Files\\Counter Strike 2D\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"D:\\Program Files\\Rockstar Games\\Midnight Club 2\\mc2.exe"="D:\\Program Files\\Rockstar Games\\Midnight Club 2\\mc2.exe:*:Enabled:mc2"
"D:\\Program Files\\Xfire\\Xfire.exe"="D:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"D:\\Program Files\\Call of Duty\\CoDMP.exe"="D:\\Program Files\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"D:\\Valve\\Condition Zero\\czero.exe"="D:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"="D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe:*:Enabled:Spy Sweeper"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"D:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"="D:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"D:\\Program Files\\Sierra\\FEAR\\FEAR.exe"="D:\\Program Files\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
"C:\\Stuff\\Program Files\\team 17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"="C:\\Stuff\\Program Files\\team 17\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"D:\\Program Files\\Wipeer\\wipeer.exe"="D:\\Program Files\\Wipeer\\wipeer.exe:*:Enabled:WiPeer"
"D:\\Program Files\\Wipeer\\wipeerd\\wipeerd.exe"="D:\\Program Files\\Wipeer\\wipeerd\\wipeerd.exe:*:Enabled:wipeerd"
"D:\\Program Files\\Call of Duty\\CoDUOMP.exe"="D:\\Program Files\\Call of Duty\\CoDUOMP.exe:*:Disabled:CoDUOMP"
"C:\\Stuff\\Program Files\\team 17\\Worms World Party\\WWP\\wwp.exe"="C:\\Stuff\\Program Files\\team 17\\Worms World Party\\WWP\\wwp.exe:*:Enabled:Worms World Party"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"="D:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\w\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DINAMIT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\w
LOGONSERVER=\\DINAMIT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\w\LOCALS~1\Temp
TMP=C:\DOCUME~1\w\LOCALS~1\Temp
USERDOMAIN=DINAMIT
USERNAME=w
USERPROFILE=C:\Documents and Settings\w
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

w (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
[Sas's] - SteaM --> C:\WINDOWS\[Sas's] - SteaM Uninstaller.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.42 --> "D:\Program Files\7-Zip\Uninstall.exe"
ACDSee 6.0 PowerPack --> MsiExec.exe /I{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-000000000001}
Age of Mythology Gold --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
Agere Systems HDA Modem --> agrsmdel
AlienGUIse Theme Manager --> D:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Ares 2.0.8 --> "D:\Program Files\Ares\uninstall.exe"
Ares Galaxy FasterDownload 2.2 --> "D:\Program Files\Ares Galaxy FasterDownload\unins000.exe"
Barbie™ Sparkling Ice Show™ --> C:\Program Files\Common Files\Vivendi Universal\Uninstall\BarbieIceUn.exe
BB Tanks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62369BEF-F555-416C-9F03-47ABD02633E7}\Setup.exe"
biohazard 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x9 -removeonly
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Call of Duty --> D:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u D:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty - United Offensive --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Counter-Strike: Condition Zero --> D:\Valve\CONDIT~1\UNWISE.EXE D:\Valve\CONDIT~1\INSTALL.LOG
DivX --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
Download Manager 2.3.6 --> D:\Program Files\Download Manager\uninst.exe
EA SPORTS online 2005 --> D:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
Folder Lockbox 1.1 for Windows 2000/XP --> "D:\Program Files\Folder Lockbox\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GlobeSpan DSL Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7B39B40-52C3-11D4-AFCE-00E0B8138A4A}\setup.exe" -l0x9 REMOVE
GTA - Vice City Deluxe --> "C:\Stuff\Program Files\Rockstar Games\GTA Vice City Deluxe\unins000.exe"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE" -l0x9 -removeonly
GunboundWC --> "D:\Program Files\softnyx\unins000.exe"
Half-Life 2 Episode One --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{552D87B3-40CF-47CE-B92B-879C97753309}\setup.exe" -l0x9 -removeonly
Hamsterball Gold --> "D:\Program Files\Raptisoft\Hamsterball\unins000.exe"
Hide IP Platinum 3.21 --> "D:\Program Files\Hide IP Platinum\unins000.exe"
HijackThis 1.99.1 --> D:\Program Files\HijackThis\HijackThis.exe /uninstall
HP BatteryCheck 1.00 A7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.00 D2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe" -l0x9 -removeonly uninst
HP Wireless Assistant 2.00 E1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst
Hunting Unlimited 2008 1.0 --> C:\Stuff\Program Files\Hunting Unlimited 2008\uninst.exe
Hunting Unlimited 4 1.0 --> D:\Program Files\Hunting Unlimited 4\uninst.exe
iMesh --> D:\PROGRA~1\IMESHA~1\iMesh\UNWISE.EXE D:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Kaspersky Internet Security 6.0 --> MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need for Speed™ Most Wanted --> D:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
Prince of Persia - The Two Thrones --> C:\Program Files\InstallShield Installation Information\{D74EFD5D-3AB9-4B5B-9653-0215765DCE25}\setup.exe -runfromtemp -l0x0009 -removeonly
Project IGI --> C:\WINDOWS\unvise32.exe C:\Stuf\Program Files\Eidos Interactive\Project IGI\uninstal.log
Quake 4™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1033
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 5.0 --> "D:\Program Files\Registry Mechanic\unins000.exe"
Return to Castle Wolfenstein --> D:\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u D:\PROGRA~1\RETURN~1\Uninstall\Install.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\Valve\Steam\UNWISE.EXE C:\Valve\Steam\INSTALL.LOG
Talking Buddy for Windows --> C:\Stuff\PROGRA~1\TALKIN~1\UNWISE.EXE C:\Stuff\PROGRA~1\TALKIN~1\INSTALL.LOG
Taxi3 eXtreme Rush 1.0 --> D:\PROGRA~1\TEAM6G~1\TAXI3E~1\Setup.exe /remove
Urban Freestyle Soccer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06218599-4129-435F-B099-AC6F96946A9E}\Setup.exe" -l0009
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
WinZip --> "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wipeer version 0.55 --> "D:\Program Files\Wipeer\unins000.exe"
Xfire (remove only) --> "D:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event ID #1667: Error
Event Submitted/Written: 08/07/2007 11:02:21 PM
Event Source: Userenv
Event Description:
This computer is in manual policy mode, but the policy file cannot be found. Windows is logging you on without applying any policy. Return value (The system cannot find the file specified. ).

Event ID #1663: Error
Event Submitted/Written: 08/07/2007 10:47:07 PM
Event Source: Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1662: Error
Event Submitted/Written: 08/07/2007 10:47:07 PM
Event Source: Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1661: Error
Event Submitted/Written: 08/07/2007 10:47:06 PM
Event Source: Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event ID #1655: Error
Event Submitted/Written: 08/07/2007 06:16:26 PM
Event Source: Userenv
Event Description:
This computer is in manual policy mode, but the policy file cannot be found. Windows is logging you on without applying any policy. Return value (The system cannot find the file specified. ).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #9761: Error
Event Submitted/Written: 08/07/2007 11:02:46 PM
Event Source: Service Control Manager
Event Description:
The GlobeSpan USB ADSL Loader service failed to start due to the following error:
%%1058

Event ID #9760: Error
Event Submitted/Written: 08/07/2007 11:02:41 PM
Event Source: NETLOGON
Event Description:
This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Event ID #9749: Warning
Event Submitted/Written: 08/07/2007 10:49:50 PM
Event Source: bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Event ID #9738: Warning
Event Submitted/Written: 08/07/2007 10:36:18 PM
Event Source: Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001708303FE9. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event ID #9735: Error
Event Submitted/Written: 08/07/2007 07:24:15 PM
Event Source: ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2007-08-07 at 23:23:16 ---------



--------------------------------------------------------------------------------------------------

I also just want to tell you that spybot detected some things such as reliablestats, system doctor 2006, Virtumonde and others.

#5 Rorschach

  • Members
  • 523 posts

Posted 08 August 2007 - 04:07 PM

Hello Dinamit04


1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {30CBA472-5548-4B94-A755-46331FB876AE} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/season2/cabs/A18X.ocx
O20 - Winlogon Notify: tuvutrp - tuvutrp.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\vybeg.ini2
    C:\WINDOWS\system32\vybeg.bak2
    C:\WINDOWS\system32\vybeg.bak1
    C:\WINDOWS\RSoftInfo.dat
    C:\WINDOWS\eReg.dat
    H:\autorun.exe
    C:\WINDOWS\system32\rose.exe
    C:\WINDOWS\system32\copy.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Next we need to make a backup of the registry:

Go to Start > Run
Type: regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132c7d84-1738-11dc-bf12-001302c2b092}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f59dc8e-0afc-11dc-bee8-001302c2b092}]

[-HKEY_CLASSES_ROOT\CLSID\{132c7d84-1738-11dc-bf12-001302c2b092}]

[-HKEY_CLASSES_ROOT\CLSID\{6f59dc8e-0afc-11dc-bee8-001302c2b092}]

Then double click on the fix.reg file, when it prompts to merge click "Yes".



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! It is possible that files in use will only be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

So in your next reply please post the following : a new DSS log, the OTMoveIt results, the Dr. Web Cureit report, and tell me how your PC is running now and if you had any problems.
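Two parts of this thread can be checked mechanically: the mountpoints2 AutoRun and Winlogon Notify entries in the DSS registry dump Dinamit04 posted, and the [-KEY] deletions in the fix.reg above. The Python script below is an added example written for this page; it is not part of the thread, of Deckard's System Scanner or of OTMoveIt. It parses a constructed excerpt of the dump (lines copied from the post), flags the autostart locations a helper looks at first (a bare executable launched through RunDLL32 Shell32.DLL,ShellExec_RunDLL from a drive's AutoRun key, a Notify DLL without a path, a BHO), and then reports which fix.reg deletions can be confirmed against the dump and which cannot (the two HKEY_CLASSES_ROOT\CLSID keys, which the dump does not list). The function names and the heuristics are the example's own assumptions, not DSS behaviour.

```python
"""Triage a DSS "Registry Dump" excerpt and cross-check a fix.reg against it.
Added example for this thread (not DSS, OTMoveIt or forum code); sample texts are
constructed from the dump and the fix.reg quoted in the thread."""
import re
from collections import namedtuple

# Constructed sample: lines taken from the DSS registry dump posted above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30CBA472-5548-4B94-A755-46331FB876AE}]
C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvutrp]
tuvutrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Program Files\AlienGUIse\fastload.dll 12/20/2001 11:34 PM 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132c7d84-1738-11dc-bf12-001302c2b092}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rose.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f59dc8e-0afc-11dc-bee8-001302c2b092}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abea1a18-3e02-11dc-bf8d-001302c2b092}]
AutoRun\command- H:\LaunchU3.exe
"""

# Constructed sample: the fix.reg from the reply above, minus its blank lines.
SAMPLE_FIX = r"""Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132c7d84-1738-11dc-bf12-001302c2b092}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f59dc8e-0afc-11dc-bee8-001302c2b092}]
[-HKEY_CLASSES_ROOT\CLSID\{132c7d84-1738-11dc-bf12-001302c2b092}]
[-HKEY_CLASSES_ROOT\CLSID\{6f59dc8e-0afc-11dc-bee8-001302c2b092}]
"""

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")  # group 1 is "-" when a .reg line deletes the key

def parse_dump(text):
    """Map each dumped key to the value lines DSS printed under it (a blank line ends a key)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(2)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

Finding = namedtuple("Finding", "key value reason")

def triage(sections):
    """Flag the autostart locations in the dump that a helper would look at first."""
    findings = []
    for key, values in sections.items():
        low = key.lower()
        if "\\mountpoints2\\" in low:
            for v in values:
                if not v.lower().startswith("autorun\\command"):
                    continue
                cmd = v.split("-", 1)[1].strip()
                if "shellexec_rundll" in cmd.lower():
                    # RunDLL32 Shell32.DLL,ShellExec_RunDLL <bare exe> is the removable-media
                    # worm pattern: the executable is named without any path.
                    reason = "AutoRun runs an executable via RunDLL32/ShellExec_RunDLL"
                else:
                    reason = "AutoRun command registered for a removable drive"
                findings.append(Finding(key, cmd, reason))
        elif "\\winlogon\\notify\\" in low:
            for v in values:
                dll = v.split()[0]      # DSS appends date/size after a path it could resolve
                if "\\" not in dll:     # a bare file name means DSS found no such file
                    findings.append(Finding(key, dll, "Winlogon Notify DLL given without a path"))
        elif "browser helper objects" in low:
            findings += [Finding(key, v, "Browser Helper Object; verify the DLL's publisher") for v in values]
    return findings

def check_fix(reg_text, sections):
    """Split the [-KEY] deletions in a .reg into those visible in the dump and those that are not."""
    known = {k.lower() for k in sections}
    confirmed, unconfirmed = [], []
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m and m.group(1) == "-":
            (confirmed if m.group(2).lower() in known else unconfirmed).append(m.group(2))
    return confirmed, unconfirmed

if __name__ == "__main__":
    secs = parse_dump(SAMPLE_DUMP)
    for f in triage(secs):
        print(f"{f.reason}\n    {f.key}\n    {f.value}")
    ok, missing = check_fix(SAMPLE_FIX, secs)
    print(f"fix.reg: {len(ok)} deletions match the dump, {len(missing)} cannot be confirmed from it")
```

Run against the constructed excerpt, the script flags six entries (the BHO, the pathless tuvutrp.dll Notify entry and the four AutoRun commands, two of them via ShellExec_RunDLL) and confirms four of the six fix.reg deletions; the two CLSID keys are not in the dump, so they have to be verified in regedit before the file is merged.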

#6 Dinamit04

  • Topic Starter
  • Members
  • 19 posts

Posted 09 August 2007 - 07:28 AM

Hello,

Here are the logs:

A new DSS Log: only the main.txt showed:

Main.txt:

Deckard's System Scanner v20070804.61
Run by w on 2007-08-09 at 14:34:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as w.exe) ---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:34:21 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Folder Lockbox\flockbox.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Documents and Settings\w\Desktop\dss.exe
D:\PROGRA~1\HIJACK~1\w.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [flockbox] D:\Program Files\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wbsys.dll,"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 12:26:04 0 d-------- C:\Documents and Settings\w\DoctorWeb
2007-08-09 12:13:08 80633026 --a------ C:\backup.reg
2007-08-07 23:06:59 3384 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-07 23:06:13 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-07 23:06:13 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-07 23:06:12 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-07 22:58:01 0 d-------- C:\VundoFix Backups
2007-08-06 14:09:38 0 d-------- C:\sierra
2007-08-06 14:01:20 63776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-06 14:01:20 6341920 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-06 14:01:20 0 d-------- C:\Program Files\Kaspersky Lab
2007-08-06 14:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-06 13:52:10 0 d-------- C:\kav
2007-08-03 20:57:18 90112 --a------ C:\WINDOWS\system32\hpqnt.dll <Not Verified; Hewlett-Packard Development Company, L.P.; hpqnt Dynamic Link Library>
2007-08-02 15:46:08 0 d-------- C:\Documents and Settings\w\Application Data\AdobeUM
2007-08-02 15:45:36 0 d-------- C:\Documents and Settings\w\Application Data\Adobe
2007-08-02 15:45:34 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-01 13:02:50 0 d-------- C:\Program Files\uTorrent
2007-07-29 22:02:52 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-07-29 21:36:59 0 d-------- C:\Documents and Settings\w\Application Data\U3
2007-07-27 16:03:51 0 d-------- C:\Program Files\Common Files\Vivendi Universal
2007-07-24 10:57:05 90112 --a------ C:\WINDOWS\system32\gsicon.exe <Not Verified; GlobeSpan, Inc.; DSL Modem>
2007-07-24 10:57:05 250706 --a------ C:\WINDOWS\system32\drivers\gwausb.sys <Not Verified; GlobeSpan Inc.; GlobeSpan WAN ADSL USB Modem>
2007-07-24 10:57:04 16384 --a------ C:\WINDOWS\system32\dslagent.exe
2007-07-24 10:57:04 27083 --a------ C:\WINDOWS\system32\drivers\gafwload.sys <Not Verified; GlobeSpan Inc.; GlobeSpan USB ADSL Firmware Loader>
2007-07-24 10:57:04 25088 --a------ C:\WINDOWS\system32\CoInst.dll
2007-07-24 10:57:01 24576 --a------ C:\WINDOWS\system32\delaySpawn.exe
2007-07-24 10:57:01 0 d-------- C:\Program Files\GlobeSpan
2007-07-24 10:56:31 98304 --a------ C:\WINDOWS\system32\instDll.dll
2007-07-24 10:56:31 110592 --a------ C:\WINDOWS\system32\gspnDll.dll
2007-07-19 23:26:58 0 d-------- C:\Documents and Settings\w\Application Data\InstallShield
2007-07-18 14:51:10 0 d-------- C:\WINDOWS\speech
2007-07-18 14:51:06 0 d-------- C:\WINDOWS\lhsp
2007-07-17 23:41:37 0 d-------- C:\Program Files\SCC-TDS


-- Find3M Report ---------------------------------------------------------------

2007-08-07 19:40:39 0 d-------- C:\Documents and Settings\w\Application Data\uTorrent
2007-08-03 21:03:03 0 d-------- C:\Program Files\Hewlett-Packard
2007-08-03 20:57:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-02 15:45:34 0 d-------- C:\Program Files\Common Files
2007-07-24 12:43:26 0 d-------- C:\Documents and Settings\w\Application Data\IGN_DLM
2007-07-17 04:09:26 0 d-------- C:\Documents and Settings\w\Application Data\Xfire
2007-07-04 00:43:58 0 d-------- C:\Program Files\MSBuild
2007-07-04 00:39:53 0 d-------- C:\Program Files\Reference Assemblies
2007-07-04 00:34:04 0 d-------- C:\Documents and Settings\w\Application Data\iMesh
2007-07-03 21:49:33 0 d-------- C:\Program Files\Common Files\Stardock
2007-06-30 15:34:41 0 d-------- C:\Program Files\GameSpy Arcade
2007-06-23 12:31:43 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-06-23 12:31:34 0 d-------- C:\Program Files\ACD Systems
2007-06-21 15:18:44 280058 --a------ C:\Documents and Settings\w\Application Data\NMM-MetaData.db
2007-06-21 00:32:04 0 d-------- C:\Documents and Settings\w\Application Data\Nokia
2007-06-16 21:49:55 0 d-------- C:\Program Files\Microsoft Games
2007-06-14 00:09:43 0 d-------- C:\Documents and Settings\w\Application Data\Real
2007-06-14 00:08:17 0 d-------- C:\Program Files\Common Files\xing shared
2007-06-14 00:08:16 0 d-------- C:\Program Files\Common Files\Real
2007-06-13 12:26:06 0 d-------- C:\Documents and Settings\w\Application Data\Uniblue
2007-06-04 23:09:25 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-05-30 14:54:23 352256 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2007-05-21 19:41:52 575937 --a------ C:\WINDOWS\[Sas's] - SteaM Uninstaller.exe
2007-05-20 21:16:30 32 --a------ C:\WINDOWS\go
2007-05-19 19:20:45 62 --ahs---- C:\Documents and Settings\w\Application Data\desktop.ini
2007-05-19 16:30:54 0 -rahs---- C:\MSDOS.SYS
2007-05-19 16:30:54 0 -rahs---- C:\IO.SYS
2007-05-19 16:30:54 0 --a------ C:\CONFIG.SYS
2007-05-19 16:30:54 0 --a------ C:\AUTOEXEC.BAT
2007-05-19 16:27:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 01:03 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/06/2005 02:06 PM]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/02/2006 03:39 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/06/2006 10:09 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/06/2006 10:10 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/06/2006 10:06 AM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [02/14/2006 10:49 AM]
"AGRSMMSG"="AGRSMMSG.exe" [12/12/2005 03:00 PM C:\WINDOWS\AGRSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/14/2007 12:08 AM]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"flockbox"="D:\Program Files\Folder Lockbox\flockbox.exe" [02/18/2007 03:28 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM]
"GSICONEXE"="GSICON.EXE" [01/31/2002 10:44 PM C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [01/31/2002 10:39 PM C:\WINDOWS\system32\dslagent.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [11/08/2006 06:28 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"igndlm.exe"="D:\Program Files\Download Manager\DLM.exe" [03/06/2007 12:57 AM]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 01:29 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/15/2006 4:16:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=0 (0x0)
"NoStrCmpLogical"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Program Files\AlienGUIse\fastload.dll 12/20/2001 11:34 PM 24576 D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll,"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abea1a18-3e02-11dc-bf8d-001302c2b092}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d765f29c-13f6-11dc-bf0f-001302c2b092}]
AutoRun\command- I:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f76d60-0862-11dc-bee2-001302c2b092}]
AutoRun\command- H:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2007-08-09 at 14:46:39 ---------


DrWeb CureIt Log:

Process.exe;C:\Documents and Settings\w\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\w\Desktop\SmitfraudFix;Tool.ShutDown.11;;
_affvm[1];C:\Documents and Settings\w\Local Settings\Temporary Internet Files\Content.IE5\IPIVKN07;Trojan.Virtumod;Deleted.;
MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;;
djumfrlc.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
gebyv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ifkjmbtg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
laxndkjd.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mtungvaa.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ngskpfct.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
oixoypih.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
uofbcjru.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
vbtfoqmb.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
vcvfgfxe.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
yakjcysv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
j4_f.wav;D:\Program Files\Rockstar Games\GTA3\audio;Modification of V2Px.1190;Moved.;
CSN.exe;D:\Program Files\[Sas's] - SteaM\Tools\CSN;Probably BACKDOOR.Trojan;;
A0001065.exe;D:\System Volume Information\_restore{33F9EC38-2712-48B1-B036-837FAD5E0D7A}\RP11;Probably BACKDOOR.Trojan;;
A0014363.exe;D:\System Volume Information\_restore{B664950A-4A88-423C-A5B0-48515A252A9B}\RP17;Tool.Prockill;;


OTMoveIt Results:

C:\WINDOWS\system32\vybeg.ini2 moved successfully.
C:\WINDOWS\system32\vybeg.bak2 moved successfully.
C:\WINDOWS\system32\vybeg.bak1 moved successfully.
C:\WINDOWS\RSoftInfo.dat moved successfully.
C:\WINDOWS\eReg.dat moved successfully.
File/Folder H:\autorun.exe not found.
File/Folder C:\WINDOWS\system32\rose.exe not found.
File/Folder C:\WINDOWS\system32\copy.exe not found.

Created on 08/09/2007 12:09:34

----------------------------------------------------------------------------------------

I don't feel like my computer is slow at all when I am not on the internet, but when I am on the internet it starts becoming slow. Pop-ups still come, like pages for WinAntiVirusPro2006, and pop-ups sometimes ask me to download ErrorProtector and scan my computer.

I also know that Virtumonde is still on my computer from Spybot Search.

#7 Rorschach

Rorschach

  • Members
  • 523 posts

Posted 11 August 2007 - 08:21 AM

Hello Dinamit04

Please make sure the version of SmitfraudFix.exe you had on your Desktop is deleted.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm



I also know that Virtumonde is still on my computer from Spybot Search.

Could you please post the Spybot - Search and Destroy log for me to take a look at?


So in your next reply please post the following: the SmitfraudFix report and the Spybot - Search and Destroy log.
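The Dr.Web CureIt report posted above is a semicolon-delimited list (object;directory;detection;action;), and the note about process.exe explains why some of its "Tool.*" hits are not malware. As an added example that is not part of this thread and not Dr.Web's own code, the script below parses such a report and sorts each line into what still needs attention, what Dr.Web already handled, what sits in quarantine or restore-point folders, and what is a documented RiskTool; the detection names and folder list it treats as benign are assumptions limited to the entries that appear in this thread.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) like the one posted in this thread.

Added example, not part of the thread and not Dr.Web's own code. Each report
line is semicolon-separated: object;directory;detection;action; (the action
field is empty when Dr.Web only reported the object and did nothing).
"""
from dataclasses import dataclass
from typing import Dict, List

# Detections that name a tool rather than malware. The post above explains that
# process.exe (Tool.Prockill) is flagged as a "RiskTool" by several AV engines;
# restart.exe from the same SmitfraudFix folder is treated alike. Assumed list,
# limited to the names that appear in this thread.
RISKTOOL_DETECTIONS = {"Tool.Prockill", "Tool.ShutDown.11"}

# Locations where a detection is expected: cleanup-tool folders, quarantine
# copies made by VundoFix, and old System Restore snapshots. Assumed list.
EXPECTED_LOCATIONS = (
    r"\SmitfraudFix",
    r"\VundoFix Backups",
    r"\System Volume Information\_restore",
)


@dataclass
class Finding:
    name: str
    directory: str
    detection: str
    action: str  # e.g. "Deleted", "Moved", or "" when no action was taken

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name


def parse_report(text: str) -> List[Finding]:
    """Parse DrWeb.csv lines; anything that is not a 4+ field record is skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            continue
        name, directory, detection, action = parts[:4]
        findings.append(Finding(name, directory, detection, action.rstrip(".")))
    return findings


def classify(f: Finding) -> str:
    """Bucket a finding the way a helper reading the report would."""
    if f.detection in RISKTOOL_DETECTIONS:
        return "risktool"           # documented tool, not malware
    lowered = f.directory.lower()
    if any(loc.lower() in lowered for loc in EXPECTED_LOCATIONS):
        return "expected_location"  # quarantine copy or restore-point remnant
    if f.action:
        return "actioned"           # Dr.Web already deleted/moved it
    return "needs_attention"        # live object, nothing done yet


def triage(text: str) -> Dict[str, List[Finding]]:
    buckets: Dict[str, List[Finding]] = {
        "needs_attention": [], "actioned": [], "expected_location": [], "risktool": [],
    }
    for f in parse_report(text):
        buckets[classify(f)].append(f)
    return buckets


# Sample input: eight lines copied from the Dr.Web CureIt report posted above.
SAMPLE_REPORT = r"""
Process.exe;C:\Documents and Settings\w\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\w\Desktop\SmitfraudFix;Tool.ShutDown.11;;
_affvm[1];C:\Documents and Settings\w\Local Settings\Temporary Internet Files\Content.IE5\IPIVKN07;Trojan.Virtumod;Deleted.;
MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;;
djumfrlc.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
CSN.exe;D:\Program Files\[Sas's] - SteaM\Tools\CSN;Probably BACKDOOR.Trojan;;
A0001065.exe;D:\System Volume Information\_restore{33F9EC38-2712-48B1-B036-837FAD5E0D7A}\RP11;Probably BACKDOOR.Trojan;;
j4_f.wav;D:\Program Files\Rockstar Games\GTA3\audio;Modification of V2Px.1190;Moved.;
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket} ({len(items)})")
        for f in items:
            print(f"  {f.detection:28} {f.path}")
```

Only the "needs_attention" bucket should drive the next step; the "expected_location" items are quarantine copies and restore-point remnants that the later restore-point cleanup removes.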

#8 Dinamit04

Dinamit04
  • Topic Starter

  • Members
  • 19 posts

Posted 11 August 2007 - 04:48 PM

Hello again,

The Logs:

SmitfraudFix Log:

SmitFraudFix v2.209

Scan done at 0:08:06.40, Sun 08/12/2007
Run from C:\Documents and Settings\w\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Folder Lockbox\flockbox.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\w


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\w\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\w\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll,\"C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll\""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.14.224.1
DNS Server Search Order: 213.244.72.31

HKLM\SYSTEM\CCS\Services\Tcpip\..\{78A5D92B-8372-4FA1-98A9-5D5D29212694}: NameServer=212.14.224.1 213.244.72.31
HKLM\SYSTEM\CS1\Services\Tcpip\..\{78A5D92B-8372-4FA1-98A9-5D5D29212694}: NameServer=212.14.224.1 213.244.72.31


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Spybot - SD Log:

Spybot - SD Log v20070812

Virtuemonde - 4 entries

Settings - Registry Key
HKEY_USERS\S-1-5-21-484763869-2052111302-682003330-1003\Software\Microsoft\aldd
Settings - Registry Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws
User settings - Registry Key
HKEY_USERS\S-1-5-21-484763869-2052111302-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\(09F1ADAC-76D8-4D0F-99A5-5C907DADB988)
User settings - Registry Key
HKEY_USERS\S-1-5-21-484763869-2052111302-682003330-1003\Software\Microsoft\rdfa


SystemDoctor2006 - 1 entries

Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@systemdoctor.com/ ()


Winsoftware.WinAntiVirusPro2006 - 3 entries

Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@www.amaena.com/ ()
Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@www.winantiviruspro.com/ ()
Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@winantivirus.com/ ()


ReliableStats - 1 entries

Tracking cookie (Internet Explorer: w)
Internet Explorer (w):Cookie:w@stats1.reliablestats.com/ ()


ErrorProtector - 3 entries

Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@www.errorprotector.com/ ()
Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@errorprotector.com/ ()
Tracking cookie (Internet Explorer: w)
Internet Explorer (w): Cookie:w@report.errorprotector.com/ ()

#9 Dinamit04

Dinamit04
  • Topic Starter

  • Members
  • 19 posts

Posted 11 August 2007 - 05:17 PM

WOOHOO!! Success!! I think -_-"

Those Spybot results were just leftovers from the spyware that was in my system; there is nothing, I think I am clean. I searched with Spy Sweeper and removed the same results Spybot - SD showed, and they are not reappearing even on reboots. The spyware was removed earlier; it's only some files that weren't removed from my computer.

THANKS! A LOT!!

Just make sure I am clean please,

Here is my HijackThis log; the logs you requested in your last post I posted before this post:

Logfile of HijackThis v1.99.1
Scan saved at 1:15:28 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Folder Lockbox\flockbox.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [flockbox] D:\Program Files\Folder Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A5D92B-8372-4FA1-98A9-5D5D29212694}: NameServer = 212.14.224.1 213.244.72.31
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wbsys.dll,"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--------------------------------------------------------------------

Am I clean?? Thanks in advance!
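The log above is what the helpers in this thread read by eye. As an added example that is not part of the original thread, here is a small Python triage script over a few entries taken from that log: it parses the HijackThis line format and flags the entry types a reviewer checks first (O17 DNS servers, O20 AppInit_DLLs, O23 services reported as file missing). The sample input is a subset of the posted log, embedded so it runs offline.

```python
import re

# Subset of the HijackThis 1.99.1 log posted above, embedded here as the sample input.
SAMPLE_LOG = r"""
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{78A5D92B-8372-4FA1-98A9-5D5D29212694}: NameServer = 212.14.224.1 213.244.72.31
O20 - AppInit_DLLs: wbsys.dll,"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis entry starts with a section code such as O17 or O23.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_hjt(text):
    """Return (section, body) pairs for each entry line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Pick out the entries a helper checks first and say why each stands out."""
    findings = []
    for section, body in entries:
        if section == "O17" and "NameServer" in body:
            # Per-adapter DNS servers: confirm they belong to the user's ISP, not a hijacker.
            servers = body.split("=", 1)[1].split()
            findings.append((section, "DNS servers set: " + ", ".join(servers)))
        elif section == "O20" and body.startswith("AppInit_DLLs"):
            # DLLs loaded into every process that uses user32.dll; each one must be identifiable.
            dlls = [d.strip().strip('"') for d in body.split(":", 1)[1].split(",")]
            findings.append((section, "AppInit DLLs: " + ", ".join(dlls)))
        elif section == "O23" and "(file missing)" in body:
            # Service whose binary was not found at the recorded path. A quoted path followed by
            # an argument (here " -r") often trips the parser, so this is confirmed by hand.
            findings.append((section, "service binary not found: " + body.split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for section, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(section, reason)
```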

#10 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  • Local time:02:19 PM

Posted 13 August 2007 - 07:31 AM

Hello Dinamit04, good to hear your PC is running ok! We need to do a few little things though.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE) and install it on your computer from here.



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

* SpywareGuard offers realtime protection from spyware installation attempts.

* I recommend the following anti-spyware programs to protect yourself against spyware; make sure you only use one real-time anti-spyware protection program though:
AVG anti-spyware
SUPERAntiSpyware
Ad-Aware 2007 Free

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

Thank you for your patience, and for performing all of the procedures requested.

#11 Dinamit04

Dinamit04
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 15 August 2007 - 04:23 PM

Thanks a lot!! I mean it.