Browser Redirects Randomly.


  • This topic is locked
2 replies to this topic

#1 bap11

bap11

  • Members
  • 1 posts
  • OFFLINE
  • Local time:05:17 AM

Posted 29 July 2008 - 05:39 PM

Deckard's System Scanner v20071014.68
Run by bap11 on 2008-07-29 03:31:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as bap11.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:32:09, on 07/29/08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\bap11\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\bap11.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: (no name) - {BE19C4CA-A1DB-4BDD-8CC0-EB2E37C7110A} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {756A8C37-B89C-4BB6-97AF-8BC982027DF1} - https://inspi2.safeguardproperties.com/insp...eb/imgsizer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C26AE63C-35F8-4765-AF37-8A44FC6509FA}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MySql - Unknown owner - c:/mysql/bin/mysqld-nt.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 4627 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

S3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MySql - c:/mysql/bin/mysqld-nt.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\PNPB006\4&DE84786&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNPB006\4&DE84786&0
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-29 14:40:18 2954 --a------ C:\Windows\system32\tmp.reg
2008-07-29 10:59:06 0 d-------- C:\Users\All Users\SecuriSoft SARL
2008-07-29 03:31:56 0 d-------- C:\Program Files\Trend Micro
2008-07-19 16:16:21 0 d-------- C:\Program Files\Bullfrog
2008-07-18 07:14:55 0 d-------- C:\Users\All Users\VMware
2008-07-18 07:14:16 0 d-------- C:\Program Files\VMware
2008-07-18 07:14:16 0 d-------- C:\Program Files\Common Files\VMware
2008-07-14 11:16:23 0 d-------- C:\Program Files\Citrix
2008-07-14 10:08:08 150016 --a------ C:\Windows\system32\xqviewer.dll <Not Verified; Seagate Software; Crystal ActiveX Query Viewer>
2008-07-14 10:08:08 139264 --a------ C:\Windows\system32\vbSendMail.dll <Not Verified; FreeVBCode.com; SendMail (SMTP) for Visual Basic 6.0>
2008-07-14 10:08:08 0 d-------- C:\Windows\crystal
2008-07-14 10:08:04 5550080 --a------ C:\Windows\system32\craxdrt.dll <Not Verified; Seagate Software, Inc.; Crystal Reports 8.0 ActiveX Designer.>
2008-07-14 10:08:03 57344 --a------ C:\Windows\system32\CGZipLibrary.dll <Not Verified; CodeGuru; CGZipLibrary>
2008-07-13 16:49:05 0 d-------- C:\Windows\system32\dllcache
2008-07-10 19:09:25 0 d-------- C:\Users\All Users\SimCity Societies
2008-07-09 13:32:23 0 d-------- C:\Program Files\Harvest Massive Encounter
2008-07-01 18:21:16 0 d-------- C:\0 Temp Photo
2008-07-01 18:04:20 0 d-------- C:\TOS
2008-07-01 18:01:16 0 d-------- C:\Users\All Users\pdf995
2008-07-01 18:01:15 122880 --a------ C:\Windows\system32\pdfmona.dll
2008-07-01 18:01:15 51716 --a------ C:\Windows\system32\pdf995mon.dll
2008-07-01 18:01:14 0 d-------- C:\Program Files\pdf995
2008-07-01 17:57:57 0 d-------- C:\mysql
2008-07-01 17:57:48 303616 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-01 17:57:31 0 -rahs---- C:\MSDOS.SYS
2008-07-01 17:57:31 0 -rahs---- C:\IO.SYS
2008-07-01 17:57:17 0 d-------- C:\Program Files\mysqlcc
2008-07-01 17:56:17 700469 --a------ C:\Windows\system32\myodbc3d.dll <Not Verified; MySQL AB; Connector/ODBC 3.51>
2008-07-01 17:56:17 360448 --a------ C:\Windows\system32\myodbc3.dll <Not Verified; MySQL AB; Connector/ODBC 3.51>
2008-07-01 17:56:16 153088 --a------ C:\Windows\system32\UNWISE.EXE
2008-07-01 17:55:40 0 d-------- C:\Program Files\Mysql_Installer_Oct19
2008-06-29 08:17:16 35660 --a------ C:\Windows\DIIUnin.dat
2008-06-29 08:17:13 2829 --a------ C:\Windows\DIIUnin.pif
2008-06-29 08:17:13 94208 --a------ C:\Windows\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-29 08:12:44 0 d-------- C:\Program Files\Diablo II
2008-06-29 00:05:28 0 d-------- C:\Windows\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-07-29 14:44:14 35 --a------ C:\Users\bap11\AppData\Roaming\SetValue.bat
2008-07-29 14:44:14 691 --a------ C:\Users\bap11\AppData\Roaming\GetValue.vbs
2008-07-29 03:17:09 0 d-------- C:\Users\bap11\AppData\Roaming\VMware
2008-07-29 03:11:11 0 d-------- C:\Users\bap11\AppData\Roaming\uTorrent
2008-07-24 10:11:07 0 d-------- C:\Program Files\Common Files
2008-07-24 09:40:58 0 d-------- C:\Users\bap11\AppData\Roaming\Thinstall
2008-07-16 13:48:19 0 d-------- C:\Program Files\THQ
2008-07-15 08:06:48 0 d-------- C:\Users\bap11\AppData\Roaming\OpenOffice.org2
2008-07-13 15:11:09 0 d-------- C:\Users\bap11\AppData\Roaming\LimeWire
2008-07-09 03:07:45 0 d-------- C:\Program Files\Windows Mail
2008-06-29 08:23:18 21840 --a-----t C:\Windows\system32\SIntfNT.dll
2008-06-29 08:23:18 17212 --a-----t C:\Windows\system32\SIntf32.dll
2008-06-29 08:23:18 12067 --a-----t C:\Windows\system32\SIntf16.dll
2008-06-29 00:05:23 0 d-------- C:\Program Files\Safeguard Properties, Inc
2008-06-28 23:18:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 20:11:01 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-25 21:33:34 4096 --a------ C:\Windows\d3dx.dat
2008-06-25 17:20:38 0 d-------- C:\Program Files\Paradox Interactive
2008-06-17 15:17:27 0 d-------- C:\Users\bap11\AppData\Roaming\Mozilla
2008-06-14 13:57:26 0 d-------- C:\Program Files\Real Alternative
2008-06-14 13:57:23 0 d-------- C:\Users\bap11\AppData\Roaming\Real
2008-06-11 11:00:42 0 d-------- C:\Program Files\DOSBox-0.72
2008-06-02 16:30:06 0 d-------- C:\Users\bap11\AppData\Roaming\Hamachi
2008-05-02 11:13:03 52736 --a------ C:\Windows\ipuninst.exe <Not Verified; Interplay Productions; Interplay Uninstaller for Windows 95>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/18/08 23:38]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [12/11/07 17:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/11/07 17:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/11/07 17:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/08 04:25]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [05/01/07 22:52]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [05/01/07 22:52]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [02/20/08 11:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/08 02:39]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/07 11:34]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [06/02/07 15:59]

C:\Users\bap11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe [04/21/08 11:36:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bap11^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bux.to Autoclicker.lnk]
path=C:\Users\bap11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bux.to Autoclicker.lnk
backup=C:\Windows\pss\Bux.to Autoclicker.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
"C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bf5799-0e6c-11dd-b6f4-0015f2d3cb7f}]
AutoRun\command- F:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-29 03:33:45 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1534.58 MiB / 967.97 MiB
Pagefile Memory (total/avail): 3323.73 MiB / 2601.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.43 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.76 GiB total, 159.46 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
H: is Fixed (NTFS) - 298.09 GiB total, 128.72 GiB free.
I: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - SAMSUNG HD501LJ ATA Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.77 GiB - C:

\\.\PHYSICALDRIVE0 - ST3320620AS ATA Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\bap11\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BAP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\bap11
LOCALAPPDATA=C:\Users\bap11\AppData\Local
LOGONSERVER=\\BAP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\bap11\AppData\Local\Temp
TMP=C:\Users\bap11\AppData\Local\Temp
USERDOMAIN=bap
USERNAME=bap11
USERPROFILE=C:\Users\bap11
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

bap11


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Diablo II --> C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Dreamfall - The Longest Journey --> "C:\Program Files\Dreamfall - The Longest Journey\unins000.exe"
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Dungeon Keeper 2 --> C:\Program Files\Bullfrog\Dungeon Keeper II\Uninstall.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
Harvest Massive Encounter --> "C:\Program Files\Harvest Massive Encounter\unins000.exe"
HijackThis 2.0.2 --> "C:\Users\bap11\Desktop\HijackThis.exe" /uninstall
INSPI2 PC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DE6F0F3-833F-454D-81BC-ADC316094E04}\setup.exe" -l0x9 -removeonly
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire PRO 4.17.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
MessengerDiscovery Live 1.4.5408 --> "C:\Program Files\MessengerDiscovery\unins001.exe"
Microsoft Streets & Trips 2007 with GPS Locator --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MySQL Connector/ODBC 3.51 --> C:\Windows\System32\UNWISE.EXE C:\Windows\System32\myodbc3_install.LOG
MySQL Control Center --> MsiExec.exe /I{7EFDA3AC-8A61-43C0-B023-33866829C816}
MySQL Servers and Clients 5.0.0a-alpha --> C:\Windows\IsUninst.exe -fC:\mysql\Uninst.isu
Mysql_Installer_Oct19 --> "C:\Program Files\Mysql_Installer_Oct19\unins000.exe"
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Real Alternative 1.8.0 Lite --> "C:\Program Files\Real Alternative\unins000.exe"
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
TOS_Version9.0.36 --> "c:\TOS\unins000.exe"
幽明境を異にする --> C:\Program Files\yuumei\SET_UP.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5893 / Error
Event Submitted/Written: 07/29/2008 03:32:16 AM
Event ID/Source: 5 / Microsoft-Windows-CAPI2
Event Description:
http://www.download.windowsupdate.com/msdo...41D829C.crtThis network connection does not exist.

Event Record #/Type5892 / Error
Event Submitted/Written: 07/29/2008 03:32:15 AM
Event ID/Source: 5 / Microsoft-Windows-CAPI2
Event Description:
http://www.download.windowsupdate.com/msdo...1D829C.crt12017 (0x2ef1)

Event Record #/Type5884 / Success
Event Submitted/Written: 07/29/2008 03:16:28 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5882 / Success
Event Submitted/Written: 07/29/2008 03:16:27 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type5879 / Error
Event Submitted/Written: 07/29/2008 03:16:24 AM
Event ID/Source: 12500 / Distributed Link Tracking Client
Event Description:
c0000156



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29631 / Warning
Event Submitted/Written: 07/29/2008 03:32:23 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%bap27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bap27 can't undo changes that you allow.

For more information please see the following:
%bap275

Scan ID: {A6ABAC9E-266D-44C6-B082-E3B90F943303}

User: bap\bap11

Name: %bap271

ID: %bap272

Severity ID: %bap273

Category ID: %bap274

Path Found: %bap276

Alert Type: %bap278

Detection Type: 1.1.1600.02

Event Record #/Type29630 / Warning
Event Submitted/Written: 07/29/2008 03:32:23 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%bap27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bap27 can't undo changes that you allow.

For more information please see the following:
%bap275

Scan ID: {F62A1ABF-5FAE-4EFE-8879-0AE76C846F0F}

User: bap\bap11

Name: %bap271

ID: %bap272

Severity ID: %bap273

Category ID: %bap274

Path Found: %bap276

Alert Type: %bap278

Detection Type: 1.1.1600.02

Event Record #/Type29629 / Warning
Event Submitted/Written: 07/29/2008 03:32:23 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%bap27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bap27 can't undo changes that you allow.

For more information please see the following:
%bap275

Scan ID: {A7EA7A2A-0CB5-4FA3-A5C6-94CABA043C34}

User: bap\bap11

Name: %bap271

ID: %bap272

Severity ID: %bap273

Category ID: %bap274

Path Found: %bap276

Alert Type: %bap278

Detection Type: 1.1.1600.02

Event Record #/Type29628 / Warning
Event Submitted/Written: 07/29/2008 03:32:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%bap27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bap27 can't undo changes that you allow.

For more information please see the following:
%bap275

Scan ID: {229B55D9-8916-49DF-89F8-C6008653840F}

User: bap\bap11

Name: %bap271

ID: %bap272

Severity ID: %bap273

Category ID: %bap274

Path Found: %bap276

Alert Type: %bap278

Detection Type: 1.1.1600.02

Event Record #/Type29627 / Warning
Event Submitted/Written: 07/29/2008 03:32:20 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%bap27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %bap27 can't undo changes that you allow.

For more information please see the following:
%bap275

Scan ID: {A7314F75-7F7A-4E52-BDF7-984AFA3BC553}

User: bap\bap11

Name: %bap271

ID: %bap272

Severity ID: %bap273

Category ID: %bap274

Path Found: %bap276

Alert Type: %bap278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-07-29 03:33:45 ------------


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:02:17 PM

Posted 10 August 2008 - 04:02 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:02:17 PM

Posted 15 August 2008 - 01:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security