Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Virus Alert!, Military Time In Taskbar

  • This topic is locked This topic is locked
2 replies to this topic

#1 kiwimika


  • Members
  • 1 posts
  • Local time:09:17 PM

Posted 15 June 2008 - 10:38 PM

I'm new here and I'm trying ot get some help to this problem. A few days ago, my computer went haywire! My bf told me that the computer was invaded by a virus and I got Symantec messages about sending emails rapidly, and pop ups about a spyware killer. I ran the SmitfraudFix and I couldn't get my registry scanned during that process. I ran AVG and then the pop ups and email notices stopped. However, I still have this lingering effect, I think. Any thoughts??

Here are my DSS results...

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-15 23:21:16
Computer is in Normal Mode.

System Drive C: has 12.26 GiB (less than 15%) free.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22: VIRUS ALERT!, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Mobile Master\MMAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AdsGone\AdsGone.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Mobile Master\MMScan.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {1838F132-A66D-4F6C-B38D-C01524870DD0} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8C03685-83F6-474D-9217-52495EA33C69} - (no file)
O2 - BHO: (no name) - {CF55DD2E-1E2C-44F7-8514-A94864AC2990} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: rtsplgob - {8EA4273D-8CC9-49D9-BEC4-5134C34E3CA0} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - S-1-5-21-4108438243-1673054002-652424546-1003 Startup: AdsGone.lnk = C:\Program Files\AdsGone\AdsGone.exe (User '?')
O4 - S-1-5-21-4108438243-1673054002-652424546-1003 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User '?')
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\AdsGone.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\program files\microsoft office\office10\excel.exe/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...tallMgr_v01.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196036597828
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2822.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll,
O20 - Winlogon Notify: geBsqRkh - geBsqRkh.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: rnopbfgt - {4D906EF2-025A-435F-ACEA-59CC24C98B8A} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts SysmonLog Service for CDROM Access (SysmonLog Service for CDROM Access) - Unknown owner - C:\WINDOWS\
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

End of file - 10979 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 22:26:57 0 d-------- C:\Program Files\Trend Micro
2008-06-15 16:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-15 16:36:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 16:36:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-13 23:51:53 32 --a-s---- C:\WINDOWS\system32\70873703.dat
2008-06-13 10:35:16 0 d--h----- C:\$AVG8.VAULT$
2008-06-13 10:28:00 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-13 10:27:00 0 d-------- C:\Program Files\AVG
2008-06-13 10:26:49 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-13 09:02:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-06-13 08:04:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-13 08:03:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-12 21:36:13 0 d-------- C:\Program Files\AntiSpywareMaster
2008-06-12 01:52:14 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-06-12 01:43:34 3199 --ahs---- C:\WINDOWS\system32\aIllknpo.ini2
2008-06-08 16:14:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-06-07 16:23:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Flood Light Games
2008-06-07 16:23:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-05-18 14:44:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Home Sweet Home

-- Find3M Report ---------------------------------------------------------------

2008-06-15 21:58:27 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-06-15 16:34:15 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 11:12:14 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-13 10:14:50 0 d-------- C:\Program Files\Mobile Master
2008-06-13 10:05:06 2774 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 19:32:27 0 d-------- C:\Program Files\SecondLife
2008-06-11 13:46:15 0 d-------- C:\Program Files\MagicDVDRipper
2008-06-10 03:56:35 0 d-------- C:\Program Files\LimeWire
2008-06-09 01:31:50 0 d-------- C:\Program Files\Morpheus
2008-06-08 16:13:10 0 d-------- C:\Program Files\LeeGTs Games
2008-06-06 17:05:33 0 d-------- C:\Documents and Settings\Owner\Application Data\Mobile Master
2008-06-06 17:03:49 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-06 16:51:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 03:33:39 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-15 22:21:43 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-05-07 22:06:11 0 d-------- C:\Program Files\kSolo
2008-04-22 17:03:05 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-21 22:34:27 0 d-------- C:\Program Files\Finale 2007
2008-04-20 21:30:34 0 d-------- C:\Program Files\Naevius YouTube Converter
2008-04-16 22:23:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-06 23:24:19 9993 --a------ C:\WINDOWS\mozver.dat
2008-04-06 18:32:18 33 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-04-06 18:32:16 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-06 18:32:16 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-04-06 18:32:16 7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-04-01 01:35:58 668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-03-28 23:19:34 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-26 08:50:45 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a----c- C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a----c- C:\WINDOWS\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1838F132-A66D-4F6C-B38D-C01524870DD0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8C03685-83F6-474D-9217-52495EA33C69}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF55DD2E-1E2C-44F7-8514-A94864AC2990}]

"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [09/24/2001 10:39: VIRUS ALERT!]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 22:26: VIRUS ALERT!]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [08/03/2006 11:48: VIRUS ALERT!]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [08/04/2006 10:47: VIRUS ALERT!]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/13/2008 10:27: VIRUS ALERT!]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09: VIRUS ALERT!]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
AdsGone.lnk - C:\Program Files\AdsGone\AdsGone.exe [1/21/2008 2:26:10 PM]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [5/9/2004 5:39:46 PM]

"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=1 (0x1)

"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsqRkh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/31/2005 16:13: VIRUS ALERT! 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll 12/20/2005 23:57: VIRUS ALERT! 176128 C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnkllIa

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

















@="Volume shadow copy"

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"MMAgent"=C:\Program Files\Mobile Master\MMAgent.exe

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe"
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AutoRun\command- K:\LaunchU3.exe

-- End of Deckard's System Scanner: finished at 2008-06-15 23:24:46 ------------

BC AdBot (Login to Remove)


#2 Thunder


  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:03:17 AM

Posted 17 June 2008 - 07:34 AM

Hello Kiwimika and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:


Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Whatever happens, make believe it was intended to ...
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder


  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:03:17 AM

Posted 16 July 2008 - 03:48 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Whatever happens, make believe it was intended to ...
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Stand Up & Be Counted --> Posted Image <-- And make a difference

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users