
Infected With Antivirus 2008 Pro


  • This topic is locked
2 replies to this topic

#1 evaaaa


Posted 24 June 2008 - 02:07 AM

I can't find the C drive and D drive, or Add/Remove Programs; I can't even find Control Panel. There is red wallpaper (or whatever it is) :thumbsup: with that stupid sign of infection, and below that sign it is written that my privacy is in danger and that I have to download Antivirus 2008 Pro. Btw, my "clever" father installed it here, I suppose. Thank you so much for the help.

Deckard's System Scanner v20071014.68
Run by abc on 2008-06-24 08:41:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2008-06-24 06:41:12 UTC - RP36 - Deckard's System Scanner Restore Point
35: 2008-06-23 19:13:59 UTC - RP35 - Nainštalované Panda Antivirus 2008
34: 2008-06-23 19:08:25 UTC - RP34 - Removed Kaspersky Anti-Virus 7.0.
33: 2008-06-23 18:47:40 UTC - RP33 - Installed Kaspersky Anti-Virus 7.0.
32: 2008-06-23 18:38:54 UTC - RP32 - Odstránené: ESET NOD32 Antivirus


-- First Restore Point --
1: 2008-05-22 11:31:44 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-24 08:45:05
Platform: Windows XP Service Pack 3, v.3300 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.3300)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\abc\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {1AC5A38E-8810-43F0-B9E8-6BBDF01CAD16} - C:\WINDOWS\ksendlbtmqt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: vrmdtneg - {1EDC0625-1B0F-467C-9889-817C3DE3D37C} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [39961511005625306887512923737996] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: xvorfwbd - {1F02886F-47CE-44FF-9CD9-7433D93D8177} - C:\WINDOWS\xvorfwbd.dll
O21 - SSODL: wpvmqosg - {41763D52-59C7-461E-B76C-E794547CF72E} - C:\WINDOWS\wpvmqosg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10070 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 07:12:21 0 d-------- C:\WINDOWS\privacy_danger
2008-06-24 07:10:56 0 d-------- C:\Documents and Settings\abc\Application Data\TmpRecentIcons
2008-06-23 21:23:42 0 d-------- C:\Program Files\Common Files\Panda Software
2008-06-23 21:21:04 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-23 21:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-06-23 21:14:09 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-06-23 21:14:07 0 d-------- C:\WINDOWS\system32\PAV
2008-06-23 21:13:59 0 d-------- C:\Program Files\Panda Security
2008-06-23 21:11:55 0 d-------- C:\Program Files\Panda Antivirus 2008
2008-06-23 20:47:50 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-23 20:45:11 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-23 20:37:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-23 11:24:24 180224 --a------ C:\WINDOWS\xvorfwbd.dll
2008-06-23 11:24:24 229376 --a------ C:\WINDOWS\wpvmqosg.dll
2008-06-23 11:24:24 155648 --a------ C:\WINDOWS\vrmdtneg.dll
2008-06-23 11:24:24 81920 --a------ C:\WINDOWS\neltabxw.exe
2008-06-23 11:24:24 245760 --a------ C:\WINDOWS\ksendlbtmqt.dll
2008-06-23 11:24:24 94208 --a------ C:\WINDOWS\eexd.exe
2008-06-23 11:24:19 0 d-------- C:\Program Files\XP Antivirus
2008-06-22 18:43:56 0 d-------- C:\Program Files\SecondLife
2008-06-20 21:20:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-20 21:18:56 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-20 21:18:02 16384 --a------ C:\WINDOWS\system32\FileOps.exe
2008-06-20 21:18:02 0 d-------- C:\WINDOWS\system32\Adobe
2008-06-14 12:34:22 0 d-------- C:\Program Files\Rockstar Games
2008-06-13 20:02:17 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-03 19:07:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-06-03 19:07:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 15:39:18 0 d-------- C:\WINDOWS\system32\824223
2008-05-30 19:03:02 0 d---s---- C:\Documents and Settings\abc\UserData
2008-05-30 15:46:51 0 d-------- C:\Documents and Settings\abc\Application Data\Leadertech
2008-05-30 15:26:15 0 d-------- C:\Documents and Settings\abc\Application Data\AdobeAUM
2008-05-30 15:26:14 0 d-------- C:\Documents and Settings\abc\Application Data\AdobeUM
2008-05-30 15:23:21 0 d-------- C:\Documents and Settings\abc\Application Data\Teleca
2008-05-30 15:23:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-05-30 15:23:05 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-30 15:23:01 0 d-------- C:\Program Files\Sony Ericsson
2008-05-30 15:23:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-05-30 14:49:48 0 d-------- C:\Documents and Settings\abc\Application Data\HP
2008-05-29 18:47:14 0 d-------- C:\Documents and Settings\abc\Application Data\vlc
2008-05-29 18:46:56 0 d-------- C:\Program Files\VideoLAN
2008-05-29 07:32:41 0 d-------- C:\Program Files\uTorrent
2008-05-29 07:32:37 0 d-------- C:\Documents and Settings\abc\Application Data\uTorrent
2008-05-28 19:00:09 0 d-------- C:\Documents and Settings\abc\Application Data\WinRAR
2008-05-28 18:39:48 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-28 18:39:46 0 d--h----- C:\WINDOWS\$hf_mig$


-- Find3M Report ---------------------------------------------------------------

2008-06-23 21:23:42 0 d-------- C:\Program Files\Common Files
2008-06-23 21:13:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 16:13:42 0 d-------- C:\Documents and Settings\abc\Application Data\Adobe
2008-06-20 21:18:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-14 10:09:05 0 d-------- C:\Program Files\Skype
2008-06-11 18:29:07 0 d-------- C:\Documents and Settings\abc\Application Data\Skype
2008-06-11 17:40:23 0 d-------- C:\Documents and Settings\abc\Application Data\skypePM
2008-06-08 17:23:41 0 --a------ C:\WINDOWS\XXLGSC
2008-06-06 19:19:28 0 d-------- C:\Documents and Settings\abc\Application Data\ICQ
2008-05-30 15:20:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 20:03:31 0 d-------- C:\Program Files\Common Files\Skype
2008-05-22 17:17:52 0 d-------- C:\Program Files\ICQToolbar
2008-05-22 17:17:48 0 d-------- C:\Documents and Settings\abc\Application Data\ICQ Toolbar
2008-05-22 17:09:53 0 d-------- C:\Program Files\ICQ6
2008-05-22 17:07:59 0 d-------- C:\Documents and Settings\abc\Application Data\Mozilla
2008-05-22 16:28:38 0 d-------- C:\Documents and Settings\abc\Application Data\Macromedia
2008-05-22 16:23:00 139775 --a------ C:\WINDOWS\hpoins15.dat
2008-05-22 16:21:59 0 d-------- C:\Program Files\HP
2008-05-22 16:21:54 0 d-------- C:\Documents and Settings\abc\Application Data\HPAppData
2008-05-22 16:20:30 0 d-------- C:\Program Files\Common Files\HP
2008-05-22 16:20:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-22 16:20:11 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-22 15:31:00 0 d-------- C:\Program Files\Lavasoft
2008-05-22 15:30:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 15:15:06 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-22 15:15:04 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-22 15:14:43 62 --ahs---- C:\Documents and Settings\abc\Application Data\desktop.ini
2008-05-22 14:40:46 0 d-------- C:\Program Files\Platypus 2-in-1
2008-05-22 14:38:28 0 d-------- C:\Program Files\Rosso Rabbit in Trouble
2008-05-22 14:32:09 0 d-------- C:\Program Files\EA GAMES
2008-05-22 14:28:47 0 d-------- C:\Program Files\Common Files\LightScribe
2008-05-22 14:28:03 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-22 14:26:50 0 d-------- C:\Program Files\Nero
2008-05-22 14:26:43 0 d-------- C:\Documents and Settings\abc\Application Data\IrfanView
2008-05-22 14:25:43 0 d-------- C:\Program Files\PC Translator 2004 full
2008-05-22 14:23:56 0 d-------- C:\Program Files\IrfanView
2008-05-22 14:23:43 0 d-------- C:\Program Files\CyberLink
2008-05-22 14:18:45 0 d-------- C:\Program Files\Microsoft.NET
2008-05-22 14:17:46 0 d-------- C:\Program Files\Microsoft Works
2008-05-22 14:10:04 0 d-------- C:\Program Files\D-Tools
2008-05-22 13:44:33 0 d-------- C:\Program Files\Realtek
2008-05-22 13:44:28 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-22 13:39:27 0 d-------- C:\Documents and Settings\abc\Application Data\InstallShield
2008-05-22 13:31:34 0 d-------- C:\Documents and Settings\abc\Application Data\Identities
2008-05-22 13:27:09 0 d-------- C:\Program Files\microsoft frontpage
2008-05-22 13:26:56 0 -rahs---- C:\MSDOS.SYS
2008-05-22 13:26:56 0 -rahs---- C:\IO.SYS
2008-05-22 13:26:56 0 --a------ C:\CONFIG.SYS
2008-05-22 13:26:56 0 --a------ C:\AUTOEXEC.BAT
2008-05-22 13:25:57 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-22 13:25:25 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-22 13:25:18 0 d-------- C:\Program Files\Movie Maker
2008-05-22 13:24:27 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-22 13:24:08 0 d-------- C:\Program Files\Online Services
2008-05-22 13:24:02 0 d-------- C:\Program Files\Messenger
2008-05-22 13:23:58 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-22 13:23:51 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
02.03.2007 16:52: VIRUS ALERT! 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02.03.2007 16:52: VIRUS ALERT! 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AC5A38E-8810-43F0-B9E8-6BBDF01CAD16}]
23.06.2008 07:43: VIRUS ALERT! 245760 --a------ C:\WINDOWS\ksendlbtmqt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03.09.2007 09:52: VIRUS ALERT! C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 12:43: VIRUS ALERT! C:\WINDOWS\Alcmtr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11.05.2007 00:03: VIRUS ALERT!]
"nwiz"="nwiz.exe" [11.05.2007 00:03: VIRUS ALERT! C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11.05.2007 00:03: VIRUS ALERT!]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [22.08.2004 17:05: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.05.2007 13:06: VIRUS ALERT!]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [23.11.2006 15:10: VIRUS ALERT!]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05.12.2006 22:55: VIRUS ALERT!]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01.03.2007 15:57: VIRUS ALERT!]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11.03.2007 21:34: VIRUS ALERT!]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.10.2005 16:17: VIRUS ALERT!]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06.06.2005 23:46: VIRUS ALERT!]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [04.10.2007 15:14: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [26.01.2008 16:57: VIRUS ALERT!]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [26.01.2008 06:57: VIRUS ALERT!]
"39961511005625306887512923737996"="C:\Program Files\XP Antivirus\xpa.exe" [23.06.2008 11:24: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11.3.2007 21:26:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xvorfwbd"= {1F02886F-47CE-44FF-9CD9-7433D93D8177} - C:\WINDOWS\xvorfwbd.dll [23.06.2008 07:43: VIRUS ALERT! 180224]
"wpvmqosg"= {41763D52-59C7-461E-B76C-E794547CF72E} - C:\WINDOWS\wpvmqosg.dll [23.06.2008 07:43: VIRUS ALERT! 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15.02.2007 20:02: VIRUS ALERT! 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
napagent
hkmsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-06-24 08:45:26 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Systém Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4800+
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1022.48 MiB / 403.93 MiB
Pagefile Memory (total/avail): 2460.98 MiB / 1949.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1881.57 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 65.43 GiB total, 45.94 GiB free.
D: is Fixed (NTFS) - 167.45 GiB total, 164.14 GiB free.
E: is CDROM (No Media)
F: is Fixed (NTFS) - 57.26 GiB total, 22.87 GiB free.
G: is CDROM (CDFS)
I: is Removable (No Media)

\\.\PHYSICALDRIVE1 - Hitachi HDT725025VLA380 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Inštalovateľný systém súborov - 65.43 GiB - C:
\PARTITION1 - Rozšírená w/Rozšírená Int 13 - 167.45 GiB - D:

\\.\PHYSICALDRIVE0 - Maxtor 6Y060L0 - 57.26 GiB - 1 partition
\PARTITION0 - Inštalovateľný systém súborov - 57.26 GiB - F:

\\.\PHYSICALDRIVE2 - HP Photosmart C4270 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\abc\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ABC-B3956C1888C
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\abc
LOGONSERVER=\\ABC-B3956C1888C
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Panda Security\Panda Antivirus 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\abc\LOCALS~1\Temp
TMP=C:\DOCUME~1\abc\LOCALS~1\Temp
USERDOMAIN=ABC-B3956C1888C
USERNAME=abc
USERPROFILE=C:\Documents and Settings\abc
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

abc (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Reader 8.1.0 - Czech --> MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81000000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe" -l0x9
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
ICQ Toolbar --> regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Nero 7 Essentials --> MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1051}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\setup.exe" -l0x1b -removeonly
Platypus 2-in-1 --> "C:\WINDOWS\Platypus 2-in-1\uninstall.exe" "/U:C:\Program Files\Platypus 2-in-1\Uninstall\uninstall.xml"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x1b -removeonly
Rosso Rabbit in Trouble --> C:\PROGRA~1\ROSSOR~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\ROSSOR~1\UNINST~1\INSTALL.LOG
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WebVideo Support --> C:\WINDOWS\neltabxw.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type967 / Error
Event Submitted/Written: 06/23/2008 09:40:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Zlyhanie aplikácie iexplore.exe, verzia 6.0.2900.3300, zlyhanie modulu urlmon.dll, verzia 6.0.2900.3300, adresa zlyhania 0x0003b5e6.
Spracováva sa udalosť viažuca sa konkrétne médium pre [iexplore.exe!ws!]

Event Record #/Type962 / Error
Event Submitted/Written: 06/23/2008 09:24:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Zablokovaná aplikácia xpa.exe, verzia 0.0.0.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Event Record #/Type953 / Error
Event Submitted/Written: 06/23/2008 09:20:50 PM
Event ID/Source: 8 / crypt32
Event Description:
Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> s chybou: Operácia sa vrátila, pretože uplynul časový limit.

Event Record #/Type919 / Error
Event Submitted/Written: 06/23/2008 08:20:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Zlyhanie aplikácie iexplore.exe, verzia 6.0.2900.3300, zlyhanie modulu urlmon.dll, verzia 6.0.2900.3300, adresa zlyhania 0x0003b5e6.
Spracováva sa udalosť viažuca sa konkrétne médium pre [iexplore.exe!ws!]

Event Record #/Type918 / Error
Event Submitted/Written: 06/23/2008 08:20:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Zlyhanie aplikácie icq.exe, verzia 6.0.0.6059, zlyhanie modulu unknown, verzia 0.0.0.0, adresa zlyhania 0x003e01c0.
Spracováva sa udalosť viažuca sa konkrétne médium pre [icq.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2781 / Error
Event Submitted/Written: 06/24/2008 08:14:45 AM
Event ID/Source: 10016 / DCOM
Event Description:
Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera COM s identifikátorom CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
. Toto povolenie zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.

Event Record #/Type2759 / Error
Event Submitted/Written: 06/24/2008 07:17:02 AM
Event ID/Source: 10016 / DCOM
Event Description:
Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera COM s identifikátorom CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
. Toto povolenie zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.

Event Record #/Type2744 / Error
Event Submitted/Written: 06/24/2008 07:12:18 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Časový limit (30000 ms) čakania na odpoveď transakcie od služby Panda Software Controller.

Event Record #/Type2739 / Error
Event Submitted/Written: 06/24/2008 07:11:47 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Časový limit (30000 ms) čakania na odpoveď transakcie od služby Panda Software Controller.

Event Record #/Type2735 / Error
Event Submitted/Written: 06/24/2008 07:10:45 AM
Event ID/Source: 10016 / DCOM
Event Description:
Nastavenia povolenia špecifické pre aplikáciu neudeľujú používateľovi NT AUTHORITY\SYSTEM SID (S-1-5-18) povolenie Lokálne Spustenie pre aplikáciu servera COM s identifikátorom CLSID
{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
. Toto povolenie zabezpečenia možno zmeniť pomocou nástroja na správu Component Services.



-- End of Deckard's System Scanner: finished at 2008-06-24 08:45:26 ------------



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 24 June 2008 - 04:32 PM

Hello,

* Please download SmitfraudFix (by S!Ri)

* Reboot into Safe Mode: (without networking support!)
°To get into Safe Mode: as the computer is booting, press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

* Double-click SmitFraudFix to start the tool.
Select option #2 - Clean by typing 2 and pressing "Enter" to delete infected files.

(Warning: running option #2 will set your desktop background blank again. But you can reapply your desktop background again afterwards.)

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process.

Post the log from SmitfraudFix in your next reply together with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Edited by miekiemoes, 24 June 2008 - 04:32 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 04 July 2008 - 07:26 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



