Hijackthis Log



#1 tele


Posted 11 April 2008 - 04:57 AM

http://img87.imageshack.us/my.php?image=desktopuq2.jpg

So here is my desktop. If I try to change my desktop image, it automatically changes back to the one seen in the screenshot. Also, the yellow thing in the right corner appears every two minutes, with randomized text advising a full system scan every time.
As my virus programs don't show any sign of viruses, I don't know why these things happen. The Windows Security Center window appears maybe every 30 minutes. I have tried running an online scanning program, Avast and other spyware programs such as Spybot and AVG Anti-Spyware. I also can't access my Task Manager when I use Ctrl + Alt + Del (the button is gray, so it can't be pressed). Also, some pop-ups tend to appear advertising some kind of spyware removal programs. Here are the logs:

Deckard's System Scanner v20071014.68
Run by Järjestelmänvalvoja on 2008-04-11 12:31:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-11 09:31:14 UTC - RP1 - Järjestelmän tarkistuspiste


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Järjestelmänvalvoja.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:59, on 11.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Ohjelmat\Ad-aware\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
E:\Ohjelmat\Avast\aswUpdSv.exe
E:\Ohjelmat\Avast\ashServ.exe
E:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Ohjelmat\Sygate\smc.exe
C:\WINDOWS\system32\svchost.exe
E:\Ohjelmat\Avast\ashMaiSv.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Ohjelmat\Avast\ashWebSv.exe
E:\Ohjelmat\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Ohjelmat\RSSreader\RssReader.exe
C:\Program Files\Bat\X_Bat.exe
E:\Ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
E:\Ohjelmat\mIRC\mirc.exe
E:\Ohjelmat\Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Järjestelmänvalvoja.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - C:\WINDOWS\system32\fccdcyXR.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] E:\Ohjelmat\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] E:\Ohjelmat\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Ohjelmat\Adobereader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [PeerGuardian] E:\Ohjelmat\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [RssReader] E:\Ohjelmat\RSSreader\RssReader.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Ohjelmat\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Pelit\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Pelit\Titan Poker\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Ohjelmat\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: fccdcyXR - C:\WINDOWS\SYSTEM32\fccdcyXR.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Ohjelmat\Ad-aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Ohjelmat\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Ohjelmat\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Ohjelmat\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Ohjelmat\Avast\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - E:\Ohjelmat\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - E:\Ohjelmat\Sygate\smc.exe

--
End of file - 7735 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 tenCapture - c:\windows\system32\drivers\tencapture.sys <Not Verified; Hajo Krabbenhöft; Personal Voice Changer>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - e:\ohjelmat\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_283E8086&REV_02\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_283E8086&REV_02\3&2411E6FE&0&FB
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&0
Service:


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 12:31:39 0 d-------- C:\Program Files\Trend Micro
2008-04-11 12:03:49 10752 --a------ C:\WINDOWS\stcloader.exe
2008-04-11 12:03:49 15616 --a------ C:\WINDOWS\bokja.exe
2008-04-11 12:03:48 15360 --a------ C:\WINDOWS\updatetc.exe
2008-04-11 12:03:48 9216 --a------ C:\WINDOWS\system32\MSIXU.DLL
2008-04-11 12:03:48 0 d-------- C:\WINDOWS\FLEOK
2008-04-11 12:03:48 0 d-------- C:\Program Files\zango
2008-04-11 12:03:48 0 d-------- C:\Program Files\seekmo
2008-04-11 12:03:48 0 d-------- C:\Program Files\180solutions
2008-04-11 12:03:48 0 d-------- C:\Program Files\180searchassistant
2008-04-11 11:51:31 26624 --a------ C:\WINDOWS\2020search2.dll
2008-04-11 11:51:31 9472 --a------ C:\WINDOWS\2020search.dll
2008-04-11 11:46:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-11 11:46:48 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-11 11:46:47 0 d-------- C:\WINDOWS\LastGood
2008-04-11 11:38:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 11:15:18 0 d-------- C:\Program Files\EsetOnlineScanner
2008-04-11 10:40:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-11 10:28:19 0 d-------- C:\Program Files\180search assistant
2008-04-11 09:18:41 11776 --a------ C:\WINDOWS\mssvr.exe
2008-04-11 09:18:41 32768 --a------ C:\WINDOWS\mspphe.dll
2008-04-11 08:23:39 19200 --a------ C:\WINDOWS\voiceip.dll
2008-04-11 08:23:39 29184 --a------ C:\WINDOWS\swin32.dll
2008-04-11 08:23:39 29440 --a------ C:\WINDOWS\cdsm32.dll
2008-04-11 08:23:39 0 d-------- C:\Program Files\stc
2008-04-11 08:23:38 13056 --a------ C:\WINDOWS\bjam.dll
2008-04-11 08:23:37 20992 --a------ C:\WINDOWS\system32\WER8274.DLL
2008-04-11 08:23:36 13568 --a------ C:\WINDOWS\salm.exe
2008-04-11 08:23:36 26112 --a------ C:\WINDOWS\180ax.exe
2008-04-11 08:23:35 25088 --a------ C:\WINDOWS\system32\MSNSA32.dll
2008-04-11 08:23:35 19456 --a------ C:\WINDOWS\saiemod.dll
2008-04-11 08:23:34 30976 --a------ C:\WINDOWS\system32\SIPSPI32.dll
2008-04-11 08:23:34 31488 --a------ C:\WINDOWS\system32\shdocpe.dll
2008-04-11 08:23:34 30208 --a------ C:\WINDOWS\msapasrc.dll
2008-04-11 08:23:34 11776 --a------ C:\WINDOWS\msa64chk.dll
2008-04-11 08:23:32 13824 --a------ C:\WINDOWS\winsb.dll
2008-04-11 08:23:32 30464 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-11 08:23:32 15872 --a------ C:\WINDOWS\shdocpl.dll
2008-04-11 08:23:32 24832 --a------ C:\WINDOWS\shdocpe.dll
2008-04-11 08:23:32 10496 --a------ C:\WINDOWS\ntnut.exe
2008-04-11 08:23:32 29952 --a------ C:\WINDOWS\browserad.dll
2008-04-11 08:23:32 0 d-------- C:\Program Files\Sysmnt
2008-04-11 08:23:31 24064 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-11 08:23:31 19968 --a------ C:\WINDOWS\avisynthex32.dll
2008-04-11 08:23:31 11008 --a------ C:\WINDOWS\avifile32.dll
2008-04-11 08:23:31 19456 --a------ C:\WINDOWS\autodisc32.dll
2008-04-11 08:23:31 14848 --a------ C:\WINDOWS\audiosrv32.dll
2008-04-11 08:23:31 13824 --a------ C:\WINDOWS\ati2dvag32.dll
2008-04-11 08:23:31 18176 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-04-11 08:23:31 29696 --a------ C:\WINDOWS\athprxy32.dll
2008-04-11 08:23:31 28928 --a------ C:\WINDOWS\asycfilt32.dll
2008-04-11 08:23:31 8192 --a------ C:\WINDOWS\asferror32.dll
2008-04-11 08:23:30 14592 --a------ C:\WINDOWS\changeurl_30.dll
2008-04-11 08:23:30 25856 --a------ C:\WINDOWS\apphelp32.dll
2008-04-11 07:52:56 36352 --a------ C:\WINDOWS\system32\cbXNHXQJ.dll
2008-04-11 07:51:58 0 d-------- C:\Program Files\Bat
2008-04-11 07:51:51 36352 --a------ C:\WINDOWS\system32\xxyvuspo.dll
2008-04-11 07:51:43 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-04-11 07:51:38 91561 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-04-11 07:51:28 36352 --a------ C:\WINDOWS\system32\fccdcyXR.dll
2008-04-10 07:11:34 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\FALCOM
2008-04-01 20:42:08 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\e-Safekey
2008-03-24 11:11:15 0 d-------- C:\WINDOWS\naevius
2008-03-23 20:49:45 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-23 20:49:45 4762112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-03-23 20:49:45 383238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-11 08:28:08 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\uTorrent
2008-04-10 12:29:04 9720 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-30 09:05:55 373074 --a------ C:\WINDOWS\system32\perfh00B.dat
2008-03-30 09:05:55 74300 --a------ C:\WINDOWS\system32\perfc00B.dat
2008-03-10 15:12:58 0 d-------- C:\Program Files\uTorrent
2008-03-08 21:19:48 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Opera
2008-03-05 21:04:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 11:44:17 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Ubisoft
2008-02-29 11:46:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 11:46:28 0 d-------- C:\Program Files\AGEIA Technologies
2008-02-24 23:59:46 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Move Networks
2008-02-24 13:38:52 55949 --a------ C:\WINDOWS\system32\x264-uninstall.exe
2008-02-14 18:01:16 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\WinRAR
2008-02-11 09:39:26 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-11 09:39:18 237568 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2008-02-08 13:53:46 110592 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2008-02-05 08:48:04 77824 --a------ C:\WINDOWS\system32\OnlineScannerUninstaller.exe <Not Verified; ; OnlineScannerUninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01A33D85-4706-452A-B71A-99510ADA8C0C}]
11.04.2008 07:51 36352 --a------ C:\WINDOWS\system32\fccdcyXR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
07.03.2008 21:15 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [14.08.2006 09:00 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 13:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 13:43 C:\WINDOWS\Alcmtr.exe]
"SmcService"="E:\Ohjelmat\Sygate\smc.exe" [27.09.2005 12:16]
"avast!"="E:\Ohjelmat\Avast\ashDisp.exe" [06.09.2007 13:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 15:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 02:11]
"Adobe Reader Speed Launcher"="E:\Ohjelmat\Adobereader\Reader\Reader_sl.exe" [10.10.2007 20:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17.09.2007 02:07]
"nwiz"="nwiz.exe" [17.09.2007 02:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17.09.2007 02:07]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [16.06.2004 07:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16.06.2004 07:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"PeerGuardian"="E:\Ohjelmat\PeerGuardian2\pg2.exe" [18.09.2005 18:40]
"RssReader"="E:\Ohjelmat\RSSreader\RssReader.exe" [04.04.2004 18:21]
"SpybotSD TeaTimer"="E:\Ohjelmat\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko\Ohjelmat\Käynnistys\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [11.4.2008 7:51:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoUserNameInStartMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01A33D85-4706-452A-B71A-99510ADA8C0C}"= C:\WINDOWS\system32\fccdcyXR.dll [11.04.2008 07:51 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdcyXR]
fccdcyXR.dll 11.04.2008 07:51 36352 C:\WINDOWS\system32\fccdcyXR.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoPenMSN]
E:\Ohjelmat\InfoPenMSN\Pro\InfoPenIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]
"E:\utorrent.exe"

*Newly Created Service* - SRSERVICE



-- End of Deckard's System Scanner: finished at 2008-04-11 12:32:26 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
CPU 1: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 2046.42 MiB / 1464.83 MiB
Pagefile Memory (total/avail): 3938.57 MiB / 3395.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.42 MiB

C: is Fixed (NTFS) - 20.51 GiB total, 16.1 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 212.37 GiB total, 10.06 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250820A - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 20.51 GiB - C:
\PARTITION1 - Laajennettu ja laajennettu Int 13 - 212.37 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Järjestelmänvalvoja\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYPPY-676C22933
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Järjestelmänvalvoja
LOGONSERVER=\\RYPPY-676C22933
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;E:\Ohjelmat\MKVtoolnix
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\Temp
TMP=C:\Temp
USERDOMAIN=RYPPY-676C22933
USERNAME=Järjestelmänvalvoja
USERPROFILE=C:\Documents and Settings\Järjestelmänvalvoja
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Järjestelmänvalvoja (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> E:\Ohjelmat\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Atrise FBI 1.0.0 --> E:\Ohjelmat\FBI\uninstall.exe
Audacity 1.2.6 --> "E:\Ohjelmat\Audacity\unins000.exe"
avast! Antivirus --> rundll32 E:\Ohjelmat\Avast\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> E:\Ohjelmat\AVG Anti-Spyware 7.5\Uninstall.exe
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Beneton Movie GIF 1.1.1 --> "E:\Ohjelmat\Beneton Movie GIF\unins000.exe"
CDex extraction audio --> "E:\Ohjelmat\CDex_150\uninstall.exe"
Combined Community Codec Pack 2008-01-24 --> "E:\Ohjelmat\Combined Community Codec Pack\unins000.exe"
CoreAVC Pro (remove only) --> "E:\Ajurit\CoreAVC Pro\CoreAVC Pro-uninstall.exe"
Counter-Strike: Source --> "E:\Pelit\Steam\steam.exe" steam://uninstall/240
DivX Web Player --> E:\Ohjelmat\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Fake Voice 1.0.8 --> "E:\Ohjelmat\Fake Voice\unins000.exe"
FLAC 1.2.1b (remove only) --> E:\Ajurit\FLAC\uninstall.exe
FLV Player 1.3.3 --> "E:\Ohjelmat\FLVPlayer\uninstall.exe"
Fraps (remove only) --> "E:\Ohjelmat\Fraps\uninstall.exe"
Freez FLV to MP3 Converter --> "E:\Ohjelmat\Freez FLV to MP3 Converter\unins000.exe"
Haali Media Splitter --> "E:\Ajurit\MatroskaSplitter\uninstall.exe"
Half-Life 2 --> "E:\Pelit\Steam\steam.exe" steam://uninstall/220
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lost Via Domus --> "C:\Program Files\InstallShield Installation Information\{2702B8FC-6003-4AC6-ADBC-EC65746D800A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "E:\Ohjelmat\mIRC\mirc.exe" -uninstall
MKVtoolnix 2.2.0 --> E:\Ohjelmat\MKVtoolnix\uninst.exe
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (1.0.7) --> C:\WINDOWS\UninstallFirefox.exe /ua "1.0.7 (en-US)"
Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31035}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
PeerGuardian 2.0 --> "E:\Ohjelmat\PeerGuardian2\unins000.exe"
PowerISO --> "E:\Ohjelmat\PowerISO\uninstall.exe"
ProxyShell Hide IP 2.4.1 --> "E:\Ohjelmat\ProxyShell Hide IP\unins000.exe"
QuickTime Alternative 1.81 --> "E:\Ohjelmat\QuickTime Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0xb -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0xb -removeonly
RssReader --> MsiExec.exe /I{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}
Source SDK Base --> "E:\Pelit\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy --> "E:\Ohjelmat\Spybot - Search & Destroy\unins000.exe"
Steam --> E:\Pelit\Steam\UNWISE.EXE E:\Pelit\Steam\INSTALL.LOG
StepMania (remove only) --> "E:\Pelit\StepMania\uninstall.exe"
Subtitle Workshop 2.51 --> "E:\Ohjelmat\Subtitle Workshop\uninstall.exe"
Sygate Personal Firewall Pro --> MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Time Adjuster LIGHT 3.1 --> "E:\Ohjelmat\TimeAdjuster\Uninstall.exe"
Titan Poker --> "E:\Pelit\Titan Poker\_SetupPoker.exe" /uninstall
TrackMania Nations ESWC 1.7.9 --> "E:\Pelit\TrackMania Nations ESWC\unins000.exe"
TypingMaster Pro --> "E:\Ohjelmat\TypingMaster\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX --> E:\OHJELMAT\ventrilomix\Uninstal.exe
VideoLAN VLC media player 0.8.6d --> E:\Ohjelmat\VLC\uninstall.exe
Winamp (remove only) --> "E:\Ohjelmat\Winamp\UninstWA.exe"
WinAVIVideoConverter --> E:\Ohjelmat\WinAVIVideoConverter\unins000.exe
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
X264 H.264/AVC Video Codec (remove only) --> "C:\WINDOWS\system32\x264-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4276 / Success
Event Submitted/Written: 04/11/2008 07:22:15 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4214 / Success
Event Submitted/Written: 04/09/2008 08:29:03 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4205 / Success
Event Submitted/Written: 04/08/2008 07:52:22 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4046 / Success
Event Submitted/Written: 04/04/2008 07:03:54 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4038 / Success
Event Submitted/Written: 04/03/2008 08:09:16 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10168 / Error
Event Submitted/Written: 04/11/2008 11:10:02 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Palvelu Tietokoneiden selaus lopetettiin virheen takia. Virhe:
%%1460

Event Record #/Type10166 / Warning
Event Submitted/Written: 04/11/2008 11:09:42 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Tietokone määritti IP-osoitteen automaattisesti verkkokortille, jonka verkko-osoite
on 00508D9D0F1D. Käytössä on IP-osoite 169.254.245.217.

Event Record #/Type10140 / Error
Event Submitted/Written: 04/11/2008 10:32:04 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Palvelu Tietokoneiden selaus lopetettiin virheen takia. Virhe:
%%1460

Event Record #/Type10114 / Error
Event Submitted/Written: 04/11/2008 09:27:04 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Palvelu Tietokoneiden selaus lopetettiin virheen takia. Virhe:
%%1460

Event Record #/Type10088 / Error
Event Submitted/Written: 04/11/2008 09:20:48 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM vastaanotti virheen "%%1084" yrittäessään käynnistää palvelun EventSystem argumenteilla ""
suorittaakseen palvelinosan:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-11 12:32:26 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 11, 2008 12:28:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 697073
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 51827
Number of viruses found: 9
Number of infected objects: 19
Number of suspicious objects: 2
Duration of the scan process: 00:26:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\cert8.db Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\history.dat Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\key3.db Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Mozilla\Firefox\Profiles\8m9rv7kj.default\parent.lock Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\ApplicationHistory\RssReader.exe.12a25d65.ini.inuse Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Sivuhistoria\History.IE5\MSHist012008041120080412\index.dat Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Järjestelmänvalvoja\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Temp\Perflib_Perfdata_7ac.dat Object is locked skipped
C:\Temp\Perflib_Perfdata_b60.dat Object is locked skipped
C:\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\Temp\~DF4895.tmp Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cbXNHXQJ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\fccdcyXR.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bjs skipped
C:\WINDOWS\system32\xxyvuspo.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
E:\Asennukset\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
E:\Asennukset\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
E:\Asennukset\mirc62.exe NSIS: infected - 2 skipped
E:\Asennukset\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
E:\Asennukset\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
E:\Asennukset\mirc621.exe NSIS: infected - 2 skipped
E:\Asennukset\npphi241\setup\proxyshell_hide_ip_setup.exe/file12 Infected: not-a-virus:AdWare.Win32.AdMedia.u skipped
E:\Asennukset\npphi241\setup\proxyshell_hide_ip_setup.exe Inno: infected - 1 skipped
E:\Ohjelmat\Avast\DATA\aswResp.dat Object is locked skipped
E:\Ohjelmat\Avast\DATA\Avast4.db Object is locked skipped
E:\Ohjelmat\Avast\DATA\log\AshWebSv.ws Object is locked skipped
E:\Ohjelmat\Avast\DATA\log\aswMaiSv.log Object is locked skipped
E:\Ohjelmat\Avast\DATA\log\nshield.log Object is locked skipped
E:\Ohjelmat\Avast\DATA\moved\whiehlpr.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Ohjelmat\Avast\DATA\report\Resident protection.txt Object is locked skipped
E:\Ohjelmat\Hijackthis\backups\backup-20080411-112632-316.dll Infected: Packed.Win32.Monder.gen skipped
E:\Ohjelmat\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
E:\Ohjelmat\ProxyShell Hide IP\ErrorReport.exe Infected: not-a-virus:AdWare.Win32.AdMedia.u skipped
E:\Ohjelmat\Sygate\debug.log Object is locked skipped
E:\Ohjelmat\Sygate\rawlog.log Object is locked skipped
E:\Ohjelmat\Sygate\seclog.log Object is locked skipped
E:\Ohjelmat\Sygate\syslog.log Object is locked skipped
E:\Ohjelmat\Sygate\tralog.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


*SOLVED*

Edited by tele, 12 April 2008 - 12:53 AM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:52 PM

Posted 16 April 2008 - 09:20 PM

Thanks for letting us know. :thumbsup:


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?



