Meanie Called Vundo.gen148


  • This topic is locked
8 replies to this topic

#1 Viilu

Posted 17 April 2008 - 09:26 AM

My Norman antivirus started telling me that I had vundo.gen148 and it had been quarantined. I was like cool until I noticed the same message keeps coming over and over again. I tried VundoFix but it freezes every time I try to scan with it. So if someone could help me to get rid of this bastard I would be grateful.

Here's the log:

Deckard's System Scanner v20071014.68
Run by Petri on 2008-04-17 17:30:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
38: 2008-04-15 22:49:08 UTC - RP103 - Windows Update
37: 2008-04-14 12:33:32 UTC - RP102 - Remove CloneCD
36: 2008-04-14 12:28:49 UTC - RP100 - Laitteen ohjainkokonaisuuden asentaminen: Zone Labs, a Check Point company Verkkopalvelu
35: 2008-04-13 11:56:41 UTC - RP99 - Installed Adobe Premiere Pro 2.0
34: 2008-04-12 17:01:17 UTC - RP98 - Laitteen ohjainkokonaisuuden asentaminen: MagicISO, Inc. Muistivälineiden ohjaimet


-- First Restore Point --
1: 2008-02-11 20:15:58 UTC - RP64 - Ajoitettu tarkistuspiste


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Petri.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:19, on 17.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
D:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
D:\Program Files\Norman\Nvc\bin\nvcoas.exe
D:\Program Files\Norman\Npm\bin\NJEEVES.EXE
D:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Norman\Npm\Bin\Zlh.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Windows\System32\rundll32.exe
D:\Program Files\MagicDisc\MagicDisc.exe
D:\Program Files\Norman\Nvc\BIN\NIP.EXE
D:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Petri\Desktop\dss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Petri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo919] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Norman ZANDA] D:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Suorita rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30C5A8F-4A19-4378-B715-4BB73F02E582}: NameServer = 217.78.196.2,217.78.196.18
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - D:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - D:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10045 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N70
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N70
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-14 15:36:50 0 d-------- C:\Program Files\CCleaner
2008-04-14 15:29:22 0 d-------- C:\Users\All Users\CheckPoint
2008-04-14 15:28:38 0 d-------- C:\Windows\system32\ZoneLabs
2008-04-14 15:19:32 0 d-------- C:\Program Files\Trend Micro
2008-04-13 15:30:31 70656 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-13 15:30:31 408576 --a------ C:\Windows\system32\Smab.dll
2008-04-13 15:30:31 70656 --a------ C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-04-13 15:30:31 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-04-13 15:30:31 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-04-13 15:30:31 318976 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-04-13 15:30:31 66560 --a------ C:\Windows\MOTA113.exe
2008-04-13 15:30:31 217073 --a------ C:\Windows\meta4.exe
2008-04-13 15:30:31 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-13 15:30:22 27648 ---hs---- C:\Windows\system32\Smab0.dll
2008-04-13 15:30:22 31232 -r-hs---- C:\Windows\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-04-13 15:30:22 163328 -r-hs---- C:\Windows\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-04-13 14:57:25 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-13 00:33:06 0 d-------- C:\Users\All Users\Minnetonka Audio Software
2008-04-12 23:50:50 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-12 23:50:40 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-04-12 20:01:13 96256 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-03-23 03:45:31 0 d-------- C:\Users\All Users\Google


-- Find3M Report ---------------------------------------------------------------

2008-04-17 16:30:58 459304 --a------ C:\Windows\system32\perfh00B.dat
2008-04-17 16:30:58 83690 --a------ C:\Windows\system32\perfc00B.dat
2008-04-17 14:58:23 0 d-------- C:\Users\Petri\AppData\Roaming\uTorrent
2008-04-14 15:43:15 0 d-------- C:\Program Files\AdVantage
2008-04-13 15:52:23 0 d-------- C:\Users\Petri\AppData\Roaming\Adobe
2008-04-13 14:58:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 14:57:25 0 d-------- C:\Program Files\Common Files
2008-04-09 13:09:41 0 d-------- C:\Users\Petri\AppData\Roaming\Winamp
2008-04-09 03:09:37 0 d-------- C:\Program Files\Windows Mail
2008-04-04 15:34:38 0 d-------- C:\Users\Petri\AppData\Roaming\Template
2008-04-04 15:34:37 0 --a------ C:\Users\Petri\AppData\Roaming\wklnhst.dat
2008-03-31 00:27:04 0 d-------- C:\Users\Petri\AppData\Roaming\Vso
2008-03-30 12:26:24 0 d-------- C:\Program Files\Google
2008-03-23 03:45:00 0 d-------- C:\Program Files\Java
2008-03-09 22:31:11 0 d-------- C:\Users\Petri\AppData\Roaming\mIRC
2008-02-29 22:08:13 0 d-------- C:\Users\Petri\AppData\Roaming\BSplayer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2007 16:03]
"RtHDVCpl"="RtHDVCpl.exe" [01.10.2007 12:53 C:\Windows\RtHDVCpl.exe]
"recinfo919"="c:\RecInfo\RecInfo.exe" [23.10.2007 15:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 04:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [26.02.2007 21:46]
"recinfo"="RecInfo.exe" []
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [16.01.2008 01:54]
"Norman ZANDA"="D:\Program Files\Norman\Npm\bin\ZLH.exe" [09.08.2007 15:40]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [07.08.2007 03:05]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06.11.2007 21:00]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06.11.2007 21:00]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06.11.2007 21:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09.01.2008 03:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10.01.2008 04:01]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31.08.2007 17:46]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34]
"MSServer"="C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1" []
"PC Suite Tray"="D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10.12.2007 11:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50]
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [12.4.2008 20:01:13]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Suorita rekister”intity”kalu.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [27.1.2008 16:17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum UxSms


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\Setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7694 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-17 17:34:22 ------------

Edited by Viilu, 17 April 2008 - 09:39 AM.
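The `O4` lines in the HijackThis log above are the registry and Startup-folder autoruns, and they are the first place a helper looks in a log like this one. The Python below is an added example written for this page; it is not code from the thread, from HijackThis or from Deckard's System Scanner. It parses `O4` lines in the HijackThis v2.0.2 format and lists the entries that deserve a closer look, using two ordinary triage heuristics: a command that runs code from a per-user Temp directory, and a `rundll32` launch whose DLL lives outside the Windows directory. The sample lines are copied from the first log above; a flagged entry is something to review, not a malware verdict.

```python
import re

# HijackThis v2.0.2 prints registry autoruns as:
#   O4 - <hive>\..\Run: [<value name>] <command line>
# Startup-folder lines ("O4 - Startup: x.lnk = ...") have no brackets and are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# A rundll32 launch: optional quotes, optional ".exe", then the module up to the comma.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<module>[^",]+)', re.IGNORECASE)

# Path fragments that identify a per-user temporary directory (compared lower-cased).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\")
# Prefixes under which a rundll32 module is treated as part of Windows itself.
WINDOWS_ROOTS = ("c:\\windows\\", "%systemroot%\\", "%windir%\\")

# Sample input: O4 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
"""


def parse_o4(line):
    """Split one O4 registry line into (hive, value name, command); None for other lines."""
    m = O4_RE.match(line.strip())
    return (m.group("hive"), m.group("name"), m.group("cmd")) if m else None


def rundll32_module(cmd):
    """Return the module path a rundll32 command loads, or None for other launchers."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group("module").strip() if m else None


def review_reasons(cmd):
    """List why an autorun command deserves a closer look; an empty list means nothing noted."""
    low = cmd.lower()
    reasons = []
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("runs code from a per-user Temp directory")
    module = rundll32_module(cmd)
    # A bare name such as oobefldr.dll is resolved by the loader; only full paths are judged here.
    if module and "\\" in module and not module.lower().startswith(WINDOWS_ROOTS):
        reasons.append("rundll32 loads a DLL from outside the Windows directory")
    return reasons


def flag_autoruns(log_text):
    """Return [(value name, hive, reasons)] for every O4 entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, cmd = parsed
        reasons = review_reasons(cmd)
        if reasons:
            flagged.append((name, hive, reasons))
    return flagged


if __name__ == "__main__":
    for name, hive, reasons in flag_autoruns(SAMPLE_LOG):
        print(f"{hive} [{name}]: " + "; ".join(reasons))
```

Run against the sample, only the `MSServer` value is reported, for both reasons; the NVIDIA `rundll32` entry is not, because its DLL sits under `C:\Windows\system32`. Paste the full `O4` section of a log into `SAMPLE_LOG` to triage a whole report the same way.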


#2 silver

Posted 26 April 2008 - 05:03 AM

Hi Viilu,

Please make new DSS logs as follows:
  • Make sure DSS.exe is on your Desktop
  • Next press Start->Run, copy/paste the following command into the box and press OK:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear
  • Place checkmarks in all the boxes under Main Log and Extra Log, then press Scan!
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply
Once complete, please post both DSS logs.

Edited by silver, 26 April 2008 - 05:03 AM.

Teacher at Malware Removal University | ASAP & UNITE Member

#3 silver

Posted 28 April 2008 - 08:09 PM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
Teacher at Malware Removal University | ASAP & UNITE Member

#4 Viilu (Topic Starter)

Posted 30 April 2008 - 10:11 AM

Yeah, I need help. I just moved to a new apartment and it took a while to get an internet connection. I'll post the new log immediately.

Log:

Deckard's System Scanner v20071014.68
Run by Petri on 2008-04-30 18:19:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
43: 2008-04-30 15:10:09 UTC - RP115 - Windows Update
42: 2008-04-24 20:40:05 UTC - RP114 - Windows Update
41: 2008-04-22 22:45:53 UTC - RP113 - Windows Update
40: 2008-04-19 05:32:43 UTC - RP112 - Laitteen ohjainkokonaisuuden asentaminen: Nokia Modeemit
39: 2008-04-19 05:32:29 UTC - RP111 - Laitteen ohjainkokonaisuuden asentaminen: Nokia Modeemit


-- First Restore Point --
1: 2008-02-20 17:56:01 UTC - RP71 - Ajoitettu tarkistuspiste


Performed disk cleanup.



-- HijackThis (run as Petri.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:41, on 30.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
D:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Norman\Npm\Bin\Zlh.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
D:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Norman\Npm\bin\NJEEVES.EXE
D:\Program Files\Norman\Nvc\BIN\NIP.EXE
D:\Program Files\Norman\Nvc\bin\nvcoas.exe
D:\Program Files\Norman\Nvc\bin\cclaw.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Users\Petri\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Petri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo919] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Norman ZANDA] D:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Suorita rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30C5A8F-4A19-4378-B715-4BB73F02E582}: NameServer = 217.78.196.2,217.78.196.18
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - D:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - D:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10293 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 TestHandler (Fujitsu Siemens Computers Diagnostic Testhandler) - c:\firststeps\onlinediagnostic\testmanager\testhandler.exe <Not Verified; Fujitsu Siemens Computers; ServerView Online Diagnostic>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel


-- Process Modules -------------------------------------------------------------

C:\Windows\System32\svchost.exe (pid 1024)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\Windows\System32\svchost.exe (pid 1080)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\Windows\System32\svchost.exe (pid 1308)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\Windows\System32\svchost.exe (pid 1560)
2006-02-28 12:42:30 94208 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Computer, Inc.; Bonjour>

C:\Windows\explorer.exe (pid 3376)
2008-03-31 09:58:18 617472 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll <Not Verified; Nokia; Phone Browser>
2008-03-27 15:22:04 815104 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\NGSCM.dll <Not Verified; Nokia; Next Gen Suite Common Modules>
2008-03-11 13:55:18 27648 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fin.NLR <Not Verified; Nokia; Nokia Phone Browser>
2008-03-08 12:52:22 573440 --a------ C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.NGR <Not Verified; Nokia; Nokia Phone Browser>
2007-09-20 19:34:58 129024 --a------ D:\Program Files\WinRAR\RarExt.dll
2007-08-07 03:06:35 204800 --a------ D:\Program Files\PowerISO\PWRISOSH.DLL <Not Verified; PowerISO Computing, Inc.; PowerISO Shell Dynamic Link Library>


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-19 08:32:11 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-19 08:32:10 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-19 08:31:22 0 d------c- C:\Windows\system32\DRVSTORE
2008-04-19 08:31:16 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-19 08:29:25 0 d-------- C:\Program Files\Nokia
2008-04-14 15:36:50 0 d-------- C:\Program Files\CCleaner
2008-04-14 15:29:22 0 d-------- C:\Users\All Users\CheckPoint
2008-04-14 15:28:38 0 d-------- C:\Windows\system32\ZoneLabs
2008-04-14 15:19:32 0 d-------- C:\Program Files\Trend Micro
2008-04-13 15:30:31 70656 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-13 15:30:31 408576 --a------ C:\Windows\system32\Smab.dll
2008-04-13 15:30:31 70656 --a------ C:\Windows\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-04-13 15:30:31 719872 --a------ C:\Windows\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-04-13 15:30:31 27648 --a------ C:\Windows\system32\AVSredirect.dll
2008-04-13 15:30:31 318976 --a------ C:\Windows\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-04-13 15:30:31 66560 --a------ C:\Windows\MOTA113.exe
2008-04-13 15:30:31 217073 --a------ C:\Windows\meta4.exe
2008-04-13 15:30:31 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-13 15:30:22 27648 ---hs---- C:\Windows\system32\Smab0.dll
2008-04-13 15:30:22 31232 -r-hs---- C:\Windows\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-04-13 15:30:22 163328 -r-hs---- C:\Windows\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-04-13 14:57:25 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-13 00:33:06 0 d-------- C:\Users\All Users\Minnetonka Audio Software
2008-04-12 23:50:50 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-12 23:50:40 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-04-12 20:01:13 96256 --a------ C:\Windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>


-- Find3M Report ---------------------------------------------------------------

2008-04-30 18:21:53 0 d-------- C:\Users\Petri\AppData\Roaming\uTorrent
2008-04-30 17:51:24 459304 --a------ C:\Windows\system32\perfh00B.dat
2008-04-30 17:51:24 83690 --a------ C:\Windows\system32\perfc00B.dat
2008-04-19 08:32:11 0 d-------- C:\Program Files\Common Files
2008-04-14 15:43:15 0 d-------- C:\Program Files\AdVantage
2008-04-13 15:52:23 0 d-------- C:\Users\Petri\AppData\Roaming\Adobe
2008-04-13 14:58:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 13:09:41 0 d-------- C:\Users\Petri\AppData\Roaming\Winamp
2008-04-09 03:09:37 0 d-------- C:\Program Files\Windows Mail
2008-04-04 15:34:38 0 d-------- C:\Users\Petri\AppData\Roaming\Template
2008-04-04 15:34:37 0 --a------ C:\Users\Petri\AppData\Roaming\wklnhst.dat
2008-03-31 00:27:04 0 d-------- C:\Users\Petri\AppData\Roaming\Vso
2008-03-30 12:26:24 0 d-------- C:\Program Files\Google
2008-03-23 03:45:00 0 d-------- C:\Program Files\Java
2008-03-09 22:31:11 0 d-------- C:\Users\Petri\AppData\Roaming\mIRC
2008-02-29 22:08:13 0 d-------- C:\Users\Petri\AppData\Roaming\BSplayer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03.11.2007 16:03]
"RtHDVCpl"="RtHDVCpl.exe" [01.10.2007 12:53 C:\Windows\RtHDVCpl.exe]
"recinfo919"="c:\RecInfo\RecInfo.exe" [23.10.2007 15:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 04:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [26.02.2007 21:46]
"recinfo"="RecInfo.exe" []
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [16.01.2008 01:54]
"Norman ZANDA"="D:\Program Files\Norman\Npm\bin\ZLH.exe" [09.08.2007 15:40]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [07.08.2007 03:05]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06.11.2007 21:00]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06.11.2007 21:00]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06.11.2007 21:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09.01.2008 03:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10.01.2008 04:01]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31.08.2007 17:46]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34]
"MSServer"="C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1" []
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [28.03.2008 11:20]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26.03.2008 18:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50]
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [12.4.2008 20:01:13]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Suorita rekisteröintityökalu.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [27.1.2008 16:17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum UxSms


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command- M:\Setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7694 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-30 18:23:09 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 3070.88 MiB / 1608.35 MiB
Pagefile Memory (total/avail): 6341.74 MiB / 4992.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.2 MiB

C: is Fixed (NTFS) - 303.35 GiB total, 235.83 GiB free.
D: is Fixed (NTFS) - 465.76 GiB total, 447.18 GiB free.
E: is Fixed (NTFS) - 150.69 GiB total, 150.6 GiB free.
F: is Fixed (NTFS) - 465.76 GiB total, 343.06 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is CDROM (No Media)
N: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-07YGA0 ATA Device - 465.76 GiB - 3 partitions
\PARTITION0 - Unknown - 11.72 GiB
\PARTITION1 (bootable) - Installable File System - 303.35 GiB - C:
\PARTITION2 - Installable File System - 150.69 GiB - E:

\\.\PHYSICALDRIVE1 - WDC WD5000AAKS-07YGA0 ATA Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - D:

\\.\PHYSICALDRIVE3 - Generic 2.0 Reader -0 USB Device

\\.\PHYSICALDRIVE4 - Generic 2.0 Reader -1 USB Device

\\.\PHYSICALDRIVE5 - Generic 2.0 Reader -2 USB Device

\\.\PHYSICALDRIVE6 - Generic 2.0 Reader -3 USB Device

\\.\PHYSICALDRIVE7 - Generic 2.0 Reader -4 USB Device

\\.\PHYSICALDRIVE2 - Seagate FreeAgentDesktop USB Device - 465.76 GiB - 1 partition
\PARTITION0 - Installable File System - 465.76 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.1.248.000 (Check Point, LTD.)
AV: Norman Virus Control ver. 5.90 v5.90 (Norman ASA)
AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Petri\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PURKKI
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Petri
LOCALAPPDATA=C:\Users\Petri\AppData\Local
LOGONSERVER=\\PURKKI
NpmLib=D:\Program Files\Norman\Npm\Bin
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;D:\Program Files\Norman\Npm\Bin;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Petri\AppData\Local\Temp
TMP=C:\Users\Petri\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=Purkki
USERNAME=Petri
USERPROFILE=C:\Users\Petri
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Petri
Vieras (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040B-0000-0000000FF1CE} /uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-040B-0000-0000000FF1CE}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Premiere Pro 2.0 --> msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> C:\Program Files\Common Files\Adobe\Installers\71c180716438072ebd356ce2549df41\Setup.exe
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.0 - Finnish --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audio CD Ripper 1.32 --> "D:\Program Files\Audio CD Ripper 1.32\unins000.exe"
BS.Player FREE powered by AdVantage --> "D:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDCopy --> "D:\Program Files\CDCopy\Uninstal.exe"
Codec Pack - All In 1 6.0.3.0 --> C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
ConvertXtoDVD 2.2.3.258g --> "D:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Cool Edit Pro 2.1 --> D:\Program Files\coolpro2\cep2unin.exe
DC++ 0.699 --> "D:\Program Files\DC++\uninstall.exe"
FirstSteps Diagnostics --> MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
G6 U-DISK Manager Uninstall --> D:\Program Files\G6 U-DISK Manager\Uninstall.exe
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTA San Andreas --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
MagicDisc 2.6.93 --> D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft Office Excel MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (Finnish) --> MsiExec.exe /X{95120000-00AF-040B-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Word MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 7 Essentials --> MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571035}
NHL® 08 --> MsiExec.exe /X{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}
Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia PC Suite --> C:\ProgramData\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_fin.exe
Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
Norman Virus Control --> D:\Program Files\Norman\NVC\BIN\DelNVC5.exe
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PowerISO --> "D:\Program Files\PowerISO\uninstall.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
SopCast 2.0.4 --> D:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> D:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6d --> D:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "D:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F}
Windows Live Messenger --> MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B}
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "D:\Program Files\Xvid\unins000.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type180955 / Success
Event Submitted/Written: 04/30/2008 05:49:14 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type180949 / Error
Event Submitted/Written: 04/30/2008 05:47:21 PM
Event ID/Source: 5007 / WerSvc
Event Description:
The Windows Feedback Platform target file (a DLL containing the list of problems on this computer that require additional data to be collected for diagnosis) could not be parsed. Error code: 8014FFF9.

Event Record #/Type180940 / Success
Event Submitted/Written: 04/30/2008 05:46:22 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type180935 / Success
Event Submitted/Written: 04/30/2008 05:46:22 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type180934 / Success
Event Submitted/Written: 04/30/2008 05:46:20 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38706 / Warning
Event Submitted/Written: 04/30/2008 06:21:55 PM
Event ID/Source: 3004 / WinDefend
Event Description:
The %Purkki27 real-time protection agent has detected changes. Microsoft recommends that you analyze the program that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow the changes only if you trust the program or the software publisher. %Purkki27 cannot undo changes that you allow.

For more information:
%Purkki275

Scan ID: {7B3E5FB4-878F-4BFB-8453-274FBFAC133C}

User: Purkki\Petri

Name: %Purkki271

ID: %Purkki272

Severity ID: %Purkki273

Category ID: %Purkki274

Path Found: %Purkki276

Alert Type: %Purkki278

Detection Type: 1.1.1505.02

Event Record #/Type38705 / Warning
Event Submitted/Written: 04/30/2008 06:21:53 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Purkki27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Purkki27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Purkki275

Tarkistustunnus: {EEFCD4CD-6175-410A-B4F2-75DB28A2963B}

Käyttäjä: Purkki\Petri

Nimi: %Purkki271

Tunnus: %Purkki272

Vakavuustunnus: %Purkki273

Luokan tunnus: %Purkki274

Löytynyt polku: %Purkki276

Hälytystyyppi: %Purkki278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type38704 / Warning
Event Submitted/Written: 04/30/2008 06:21:53 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Purkki27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Purkki27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Purkki275

Tarkistustunnus: {B73D8A22-5A06-4701-A45E-C379C3A9710A}

Käyttäjä: Purkki\Petri

Nimi: %Purkki271

Tunnus: %Purkki272

Vakavuustunnus: %Purkki273

Luokan tunnus: %Purkki274

Löytynyt polku: %Purkki276

Hälytystyyppi: %Purkki278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type38703 / Warning
Event Submitted/Written: 04/30/2008 06:21:53 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Purkki27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Purkki27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Purkki275

Tarkistustunnus: {ECB1DDE5-2569-40C9-A2B1-AA819A70A10B}

Käyttäjä: Purkki\Petri

Nimi: %Purkki271

Tunnus: %Purkki272

Vakavuustunnus: %Purkki273

Luokan tunnus: %Purkki274

Löytynyt polku: %Purkki276

Hälytystyyppi: %Purkki278

Havaitsemistyyppi: 1.1.1505.02

Event Record #/Type38702 / Warning
Event Submitted/Written: 04/30/2008 06:21:53 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Purkki27 reaaliaikainen suojausagentti havaitsi muutoksia. Microsoft suosittelee, että analysoit muutokset tehneen ohjelman mahdollisten riskien varalta. Ohjelmien toimintaa koskevien tietojen avulla voit valita, haluatko sallia niiden suorittamisen vai poistaa ne tietokoneesta. Salli muutokset vain, jos luotat ohjelmaan tai ohjelmiston julkaisijaan. %Purkki27 ei voi kumota sallimiasi muutoksia.

Lisätietoja:
%Purkki275

Tarkistustunnus: {9CCF0461-786A-4C2B-97DD-B8AC2AE00588}

Käyttäjä: Purkki\Petri

Nimi: %Purkki271

Tunnus: %Purkki272

Vakavuustunnus: %Purkki273

Luokan tunnus: %Purkki274

Löytynyt polku: %Purkki276

Hälytystyyppi: %Purkki278

Havaitsemistyyppi: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-30 18:23:09 ------------

Edited by Viilu, 30 April 2008 - 11:02 AM.


#5 silver

silver

  • Members
  • 480 posts
  • Location:GMT+7

Posted 30 April 2008 - 09:53 PM

Hi Viilu,

Are you still getting that message from Norman? If so, please check the log and tell me which file(s) are detected - for example C:\Windows\system32\virus.exe

------------------------------------------------------------------------

Temporarily disable Windows Defender:
  • Open Start->All Programs->Windows Defender
  • Click on Tools from the top menu, then press Options
  • Scroll down to Real-time protection options, uncheck Use real-time protection and press Save
  • Close Windows Defender
Temporarily disable Spybot's TeaTimer. This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in the left panel, click Resident (it shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
------------------------------------------------------------------------

Please open Start->Control Panel->Uninstall a program/Programs and Features, and remove the following:

BS.Player FREE powered by AdVantage
Java(TM) 6 Update 3
Java(TM) 6 Update 5

BS Player is adware, and the Java installations are out of date and now a security risk. You can get the latest update (version 6 update 6) from here

You have LimeWire, a P2P file sharing program installed on your computer. This program does not come bundled with malware as some similar programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours.
You can remove Limewire via Programs and Features.

------------------------------------------------------------------------

Right-click the HijackThis program or shortcut, and choose Run as administrator to start the program
Choose Do a system scan only and place a checkmark next to the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Make hidden/system files and folders visible:
Click Start -> Computer, press Alt once, then from the top menu select Tools, Click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Use Windows Explorer (right-click Start, select Explore) to find and delete the following folders:

C:\Program Files\AdVantage
D:\Program Files\Webteh\BSplayer
C:\Users\Petri\AppData\Roaming\BSplayer

If you have trouble finding or deleting any, please let me know in your next response.

------------------------------------------------------------------------

Then, please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer

When prompted, allow the installation of ActiveX components from Kaspersky
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save Report As... button, change Save as type: to Text file and save the file to your desktop as Kaspersky.txt
  • If Internet Explorer responds saying the report has been saved to the Temporary Internet Files folder, say Yes to open the folder, then navigate to C -> Users -> (Your username) -> Desktop to locate the report
Note: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

------------------------------------------------------------------------

Once complete, please post the Kaspersky report and a new HijackThis log.
Teacher at Malware Removal University | ASAP & UNITE Member
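As an added example (not part of this thread or of HijackThis itself), here is a small Python triage script that applies the two rules behind the lines silver asked to have fixed: an O4 autorun that has rundll32 load a DLL out of the user's Temp folder, and an O2 BHO whose CLSID points at "(no file)". The sample log lines are constructed to mirror entries in this thread; legitimate rundll32 entries loading from system32 are included to show they are not flagged.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis "O4" autorun line, e.g.
#   O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\...\Temp\fccyARhi.dll,#1
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# HijackThis "O2" browser helper object line, e.g.
#   O2 - BHO: (no name) - {CLSID} - (no file)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# rundll32 invocation: the first argument is the DLL being loaded (quoted or
# unquoted; an unquoted path containing spaces would be cut at the first space).
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+)', re.IGNORECASE)
# Disposable, user-writable locations (Vista and XP profile Temp folders);
# nothing legitimate should persist an autorun or BHO from here.
USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str    # the offending log line, verbatim
    reason: str  # why it was flagged


def rundll32_target(cmd: str) -> Optional[str]:
    """Return the DLL a rundll32 command loads, or None if cmd is not rundll32."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group("dll").strip('"') if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules to one HijackThis line; return a Finding or None."""
    line = line.rstrip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        dll = rundll32_target(cmd)
        if dll is not None and USER_WRITABLE.search(dll):
            return Finding(line, "rundll32 loads a DLL from a user-writable Temp directory (Vundo-style autorun)")
        if USER_WRITABLE.search(cmd):
            return Finding(line, "autorun entry executes from a user-writable Temp directory")
        return None
    m = O2_RE.match(line)
    if m:
        path = m.group("path").strip()
        if path.lower() == "(no file)":
            return Finding(line, "BHO CLSID registered but its DLL is missing (orphaned entry)")
        if USER_WRITABLE.search(path):
            return Finding(line, "BHO DLL lives in a user-writable Temp directory")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole HijackThis log and collect the findings in log order."""
    return [f for f in (triage_line(raw) for raw in text.splitlines()) if f is not None]


# Constructed sample: a handful of lines modelled on the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Petri\AppData\Local\Temp\fccyARhi.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[!] {finding.reason}\n    {finding.line}")
```

Pointing the script at a real log only narrows down candidates; an unnamed BHO with a file present, or an autorun with an odd name outside Temp, still needs a human look.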

#6 Viilu

Viilu
  • Topic Starter

  • Members
  • 5 posts

Posted 01 May 2008 - 07:57 AM

Thank you for helping. Norman doesn't give the message anymore. I didn't find C:\Program Files\AdVantage on my computer.

logs:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 01, 2008 3:52:51 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 733891
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 133288
Number of viruses found: 2
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 01:18:44

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080418-144127-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080418-144155-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080419-083801-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080419-083849-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080419-123051-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080419-123116-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080420-134031-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080420-134058-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080421-224721-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080421-224750-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080427-115553-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080427-115620-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080430-180122-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080430-180149-0.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpCmdRun.log Object is locked skipped
C:\Deckard\System Scanner\backup\Windows\temp\MpSigStub.log Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Vieras.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Messenger\petri@luupaat.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Messenger\petri@luupaat.com\SharingMetadata\pending.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Messenger\petri@luupaat.com\SharingMetadata\Working\database_3CC2_8B3C_C28A_F982\dfsr.db Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Messenger\petri@luupaat.com\SharingMetadata\Working\database_3CC2_8B3C_C28A_F982\fsr.log Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Messenger\petri@luupaat.com\SharingMetadata\Working\database_3CC2_8B3C_C28A_F982\fsrtmp.log Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Messenger\petri@luupaat.com\SharingMetadata\Working\database_3CC2_8B3C_C28A_F982\tmp.edb Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\UsrClass.dat{2c36eb04-a997-11dc-9fe2-001bb9f25bfd}.TM.blf Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\UsrClass.dat{2c36eb04-a997-11dc-9fe2-001bb9f25bfd}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows\UsrClass.dat{2c36eb04-a997-11dc-9fe2-001bb9f25bfd}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows Live Contacts\petri@luupaat.com\real\members.stg Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows Live Contacts\petri@luupaat.com\shadow\members.stg Object is locked skipped
C:\Users\Petri\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Petri\AppData\Local\Mozilla\Firefox\Profiles\hu2t9tuu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Petri\AppData\Local\Mozilla\Firefox\Profiles\hu2t9tuu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Petri\AppData\Local\Mozilla\Firefox\Profiles\hu2t9tuu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Petri\AppData\Local\Mozilla\Firefox\Profiles\hu2t9tuu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Petri\AppData\Local\Mozilla\Firefox\Profiles\hu2t9tuu.default\XUL.mfl Object is locked skipped
C:\Users\Petri\AppData\Local\Temp\~DF9172.tmp Object is locked skipped
C:\Users\Petri\AppData\Local\Temp\~DF91AF.tmp Object is locked skipped
C:\Users\Petri\AppData\Local\Temp\~DFD4D6.tmp Object is locked skipped
C:\Users\Petri\AppData\Local\Temp\~DFD50E.tmp Object is locked skipped
C:\Users\Petri\AppData\Local\Temp\~DFE37C.tmp Object is locked skipped
C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Petri\AppData\Roaming\Mozilla\Firefox\Profiles\hu2t9tuu.default\cert8.db Object is locked skipped
C:\Users\Petri\AppData\Roaming\Mozilla\Firefox\Profiles\hu2t9tuu.default\history.dat Object is locked skipped
C:\Users\Petri\AppData\Roaming\Mozilla\Firefox\Profiles\hu2t9tuu.default\key3.db Object is locked skipped
C:\Users\Petri\AppData\Roaming\Mozilla\Firefox\Profiles\hu2t9tuu.default\parent.lock Object is locked skipped
C:\Users\Petri\AppData\Roaming\Mozilla\Firefox\Profiles\hu2t9tuu.default\search.sqlite Object is locked skipped
C:\Users\Petri\AppData\Roaming\Mozilla\Firefox\Profiles\hu2t9tuu.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Petri\ntuser.dat Object is locked skipped
C:\Users\Petri\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Petri\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Petri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Petri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Petri\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\Internet Logs\IAMDB.RDB Object is locked skipped
C:\Windows\Internet Logs\PURKKI.ldb Object is locked skipped
C:\Windows\Internet Logs\tvDebug.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\components Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\default Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\sam Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\security Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\software Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\system Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\0286D5A3321B1ECC8C0CB37FFFC81AF1.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\205A392608F81D29AED35B1206C59F95.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\Program Files\Adobe\Adobe Device Central CS3\AMT\AUMProduct.cer Object is locked skipped
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1\Adobe Premiere Pro CS3 Multi-language Incl Crack.exe/data.rar/is152259.exe Infected: Packed.Win32.Monder.gen skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1\Adobe Premiere Pro CS3 Multi-language Incl Crack.exe/data.rar Infected: Packed.Win32.Monder.gen skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1\Adobe Premiere Pro CS3 Multi-language Incl Crack.exe RarSFX: infected - 2 skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1\is152259.exe Infected: Packed.Win32.Monder.gen skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1.zip/Adobe Premiere Pro CS3 Multi-language Incl Crack.exe/data.rar/is152259.exe Infected: Packed.Win32.Monder.gen skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1.zip/Adobe Premiere Pro CS3 Multi-language Incl Crack.exe/data.rar Infected: Packed.Win32.Monder.gen skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1.zip/Adobe Premiere Pro CS3 Multi-language Incl Crack.exe Infected: Packed.Win32.Monder.gen skipped
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1.zip ZIP: infected - 3 skipped
F:\Sälät\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Sälät\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Sälät\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Sälät\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Sälät\mirc631.exe NSIS: infected - 4 skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:54, on 1.5.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
D:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
D:\Program Files\Norman\Npm\bin\NJEEVES.EXE
D:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
D:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Norman\Npm\Bin\Zlh.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Norman\Nvc\BIN\NIP.EXE
D:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
D:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo919] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Norman ZANDA] D:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Suorita rekisteröintityökalu.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30C5A8F-4A19-4378-B715-4BB73F02E582}: NameServer = 217.78.196.2,217.78.196.18
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - D:\Program Files\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - D:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - D:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - D:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 9609 bytes
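The O4 (autostart) and O23 (service) lines in the log above are the entries a helper reads to decide what should go; here is an added triage parser for that format (example code, not from the thread and not part of HijackThis). It extracts the file each entry actually loads, including the DLL behind a RUNDLL32 entry, and marks entries a human reviewer should look at; the review rules and EXPECTED_ROOTS are assumptions, and the sample lines are copied from the log posted above.

```python
"""HijackThis O4/O23 triage parser: added example, not part of the thread or of HijackThis."""
import re
from dataclasses import dataclass, field
O4_RE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXPECTED_ROOTS = ("c:\\program files", "d:\\program files", "c:\\windows", "%programfiles%")  # assumption
# Lines copied from the log posted above; the O1 line shows that other sections are skipped.
SAMPLE = r"""O4 - HKLM\..\Run: [recinfo919] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O1 - Hosts: ::1 localhost"""

@dataclass
class Entry:
    kind: str              # "run" or "service"
    name: str
    path: str              # file that actually gets loaded
    owner: str = ""        # publisher column, services only
    flags: list = field(default_factory=list)

def launched_file(cmd: str) -> str:
    """File an O4 command line loads: the quoted path, or the DLL that rundll32 is told to host."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    parts = cmd.split()                      # unquoted paths are read up to the first space
    if len(parts) > 1 and parts[0].lower() in ("rundll32.exe", "rundll32"):
        return parts[1].split(",")[0]        # rundll32 is only a host process
    return parts[0] if parts else ""

def review(e: Entry) -> Entry:
    """Attach markers for a human reviewer (assumed heuristics, not verdicts)."""
    if e.kind == "service" and e.owner.lower() == "unknown owner":
        e.flags.append("unknown publisher")
    if "\\" not in e.path:
        e.flags.append("bare name resolved through PATH")
    elif not e.path.lower().startswith(EXPECTED_ROOTS):
        e.flags.append("outside Program Files/Windows")
    return e

def parse_log(text: str) -> list:
    """Reviewed entries for every O4 Run and O23 Service line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        if m := O4_RE.match(line):
            entries.append(review(Entry("run", m["name"], launched_file(m["cmd"]))))
        elif m := O23_RE.match(line):
            entries.append(review(Entry("service", m["name"], m["path"], m["owner"])))
    return entries
```

Running `parse_log(SAMPLE)` marks the PATH-resolved `RecInfo.exe`, the copy launched from outside Program Files, and the service with no publisher, while the Defender-style and quoted entries pass clean.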

#7 silver


Posted 01 May 2008 - 09:35 PM

Hi Viilu,

Use Windows Explorer (right-click Start, select Explore) to find and delete the following:

C:\Deckard <- whole folder
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1 <- whole folder
F:\Sälät\Adobe Premiere Pro CS3 Multi-language Incl Crack1.zip


Please also delete dss.exe from your Desktop

I assume that the installation of Adobe Premiere Pro CS3 on your computer is cracked and therefore illegal. Please remove these via Start->Control Panel->Programs and Features:

Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Premiere Pro CS3 Third Party Content


Re-hide hidden/system files and folders:
  • Click Start -> Computer, press Alt once, then from the top menu select Tools
  • Click Folder Options and select the View tab
  • Under the Hidden files and folders heading SELECT Do not show hidden files and folders
  • CHECK the Hide extensions for known file types option
  • CHECK the Hide protected operating system files (recommended) option
  • Press OK

Re-enable Windows Defender real-time protection:
  • Open Start->All Programs->Windows Defender
  • Click on Tools from the top menu, then press Options
  • Scroll down to Real-time protection options, check Use real-time protection and press Save
  • Close Windows Defender
Re-enable Spybot's TeaTimer
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go To Left Panel, Click Tools, then also in left panel, click Resident
  • If your firewall raises a question, say OK
  • Check the box labeled Resident TeaTimer and OK any prompts.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.
Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start, then right-click Computer, select Properties then click System Protection
  • Next to You can create a Restore Point right now... click Create...
  • Type a name for the Restore Point like All Clean and press OK
  • Once the Restore Point has been created, press OK, OK and close the System dialog box.
Now remove old, infected System Restore points:
  • Next click Start, type cleanmgr in the search box and press Enter
  • Select Files from all users on this computer
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and confirm by pressing Delete
  • Then press OK and Delete Files to confirm
------------------------------------------------------------------------

If the above went well, I think your machine is now clean of malware. Here are some tips to help you keep it that way:

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
Teacher at Malware Removal University | ASAP & UNITE Member

#8 Viilu


Posted 02 May 2008 - 07:08 AM

Thank you! I followed your orders and everything seems ok. If something shows up, I will let you know. Thanks again, buddy :thumbsup:

Edited by Viilu, 02 May 2008 - 07:08 AM.


#9 silver


Posted 02 May 2008 - 07:29 AM

You're welcome :thumbsup:


Since this issue appears to be resolved, this topic has been closed. Glad we could be of assistance.

If you are the topic starter and need this topic reopened, please PM a staff member with a link to this thread and we will reopen it for you. Anyone else who needs assistance should begin a new topic.
Teacher at Malware Removal University | ASAP & UNITE Member