Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GNAA Last Measure virus


  • This topic is locked This topic is locked
13 replies to this topic

#1 realgfx

realgfx

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 03 November 2008 - 11:02 PM

My aunts have been using my computer, and I find random popups of nasty images popping up on me. It's Gnaa's Last measure virus, but I have no idea how to get rid of it. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:40 PM, on 11/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

--
End of file - 8227 bytes

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 04 November 2008 - 05:48 AM

Hello realgfx

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 realgfx

realgfx
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2008 - 04:44 PM

Thank you for your assistance =)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Vina at 2008-11-04 16:43:32
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 19 GB (37%) free of 52 GB
Total RAM: 2038 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:40 PM, on 11/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Vina\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Vina.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [symPCCheckup] "C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe" /reboot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe

--
End of file - 8217 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{1C4B9997-BD2C-4682-9BFA-9DF46A111EC8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-07-29 148912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-06-19 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-11-29 102400]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-20 215552]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2007-09-06 393216]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"symPCCheckup"=C:\Windows\System32\Adobe\Shockwave 11\symcheckupstub.exe [2008-10-31 234872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-07-30 2610608]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-03-08 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prefs]
C:\Program Files\oDesk\oDeskLaunch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-06-19 3664944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-05-27 547840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Vina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
HDD temperature.lnk - C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15538325-3fd1-11dd-9247-001e6839b900}]
shell\AutoRun\command - G:\Launch.exe /run


======List of files/folders created in the last 1 months======

2008-11-04 16:43:32 ----D---- C:\rsit
2008-11-03 23:00:44 ----D---- C:\Program Files\Trend Micro
2008-11-03 21:24:18 ----A---- C:\Windows\ntbtlog.txt
2008-11-03 21:21:52 ----D---- C:\Autoruns
2008-11-01 15:19:59 ----D---- C:\TEMP
2008-11-01 13:00:31 ----D---- C:\Users\Vina\AppData\Roaming\Uniblue
2008-11-01 12:41:34 ----D---- C:\ProgramData\Google
2008-11-01 12:41:18 ----D---- C:\Program Files\Google
2008-11-01 12:41:12 ----D---- C:\Users\Vina\AppData\Roaming\IrfanView
2008-11-01 12:41:11 ----D---- C:\Program Files\IrfanView
2008-10-31 04:42:11 ----D---- C:\Windows\system32\Adobe
2008-10-25 23:37:50 ----D---- C:\Program Files\Topaz Labs LLC
2008-10-19 21:41:52 ----D---- C:\Users\Vina\AppData\Roaming\DivX
2008-10-18 21:56:19 ----D---- C:\Users\Vina\AppData\Roaming\SmartFTP
2008-10-18 21:55:34 ----D---- C:\Program Files\SmartFTP Client
2008-10-18 18:52:04 ----D---- C:\Program Files\DivX
2008-10-18 16:58:45 ----D---- C:\Program Files\Acer Inc
2008-10-07 12:08:59 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-10-07 12:08:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-10-07 12:08:50 ----A---- C:\Windows\system32\wmpeffects.dll
2008-10-07 12:07:01 ----A---- C:\Windows\system32\emdmgmt.dll
2008-10-07 12:07:01 ----A---- C:\Windows\system32\dataclen.dll
2008-10-07 12:07:00 ----A---- C:\Windows\system32\cdd.dll
2008-10-06 16:24:09 ----SHD---- C:\Diskeeper
2008-10-06 12:46:18 ----D---- C:\ProgramData\Diskeeper Corporation
2008-10-06 10:14:46 ----D---- C:\Program Files\Diskeeper Corporation

======List of files/folders modified in the last 1 months======

2008-11-04 16:43:35 ----D---- C:\Windows\Temp
2008-11-04 13:44:19 ----D---- C:\Windows\inf
2008-11-04 13:44:19 ----AD---- C:\Windows\System32
2008-11-04 13:44:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-04 13:41:14 ----D---- C:\Windows\Prefetch
2008-11-04 13:21:07 ----SHD---- C:\$RECYCLE.BIN
2008-11-04 13:19:51 ----RD---- C:\Users
2008-11-04 10:35:38 ----SHD---- C:\System Volume Information
2008-11-03 23:00:44 ----RD---- C:\Program Files
2008-11-03 21:51:01 ----D---- C:\Windows\system32\Tasks
2008-11-03 21:37:00 ----D---- C:\Users\Vina\AppData\Roaming\IDM
2008-11-03 21:36:55 ----D---- C:\Users\Vina\AppData\Roaming\DMCache
2008-11-03 21:36:49 ----D---- C:\Users\Vina\AppData\Roaming\WTablet
2008-11-03 21:36:24 ----HD---- C:\ProgramData
2008-11-03 21:34:54 ----SHD---- C:\Windows\Installer
2008-11-03 21:24:18 ----D---- C:\Windows
2008-11-03 21:23:32 ----D---- C:\Users\Vina\AppData\Roaming\Hamachi
2008-11-03 21:20:47 ----D---- C:\Program Files\Mozilla Firefox
2008-11-03 09:11:52 ----D---- C:\Windows\system32\catroot2
2008-10-26 20:36:40 ----D---- C:\Users\Vina\AppData\Roaming\Adobe
2008-10-24 05:00:15 ----SD---- C:\Users\Vina\AppData\Roaming\Microsoft
2008-10-22 19:25:45 ----D---- C:\ProgramData\Adobe
2008-10-22 19:15:00 ----D---- C:\Program Files\Adobe
2008-10-22 19:14:56 ----D---- C:\Program Files\Common Files\Adobe
2008-10-22 19:12:42 ----D---- C:\Windows\system32\drivers
2008-10-22 18:58:45 ----D---- C:\Windows\winsxs
2008-10-22 18:54:31 ----RSD---- C:\Windows\Fonts
2008-10-12 12:40:48 ----D---- C:\Windows\WindowsMobile
2008-10-11 20:09:08 ----D---- C:\Program Files\Microsoft Works
2008-10-11 19:53:23 ----D---- C:\Windows\system32\catroot
2008-10-10 19:55:50 ----D---- C:\Users\Vina\AppData\Roaming\uTorrent
2008-10-07 16:38:04 ----D---- C:\Windows\AppPatch
2008-10-07 11:45:39 ----D---- C:\Windows\Downloaded Installations
2008-10-06 12:46:19 ----AD---- C:\Windows\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-18 921600]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-20 179712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-07-13 25280]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-05-27 96896]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-14 6144]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-29 192816]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
S3 ovt519;PS2 EyeToy SLEH-00030 Webcam; C:\Windows\System32\Drivers\ov519vid.sys [2003-05-06 163072]
S3 P1171VID;Creative WebCam Notebook #2; C:\Windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 91392]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-20 15872]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-04-23 15656]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2008-04-04 1123608]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2008-06-06 3406120]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 HDDTService;HDD Temperature; C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe [2004-11-24 384512]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-22 655624]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.04 2008-11-04 16:43:44

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
ActivePerl 5.10.0 Build 1004-->MsiExec.exe /I{82A27957-45D5-41BC-8593-60249895727B}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVI DivX to DVD SVCD VCD Converter 2.2.2-->"C:\Program Files\AVI DivX to DVD SVCD VCD Converter\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5-->MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\Users\Vina\AppData\Local\Temp\PainterX.log
Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Creative WebCam Notebook Driver (1.04.01.0322)-->C:\Windows\CtDrvIns.exe -uninstall -script Pd1171.uns -unsext NT -plugin P1171Pin.dll -pluginres P1171Pin.crl
CrossLoop 2.20-->"C:\Program Files\CrossLoop\unins000.exe"
Diskeeper 2008 Pro Premier-->MsiExec.exe /X{B695F0BF-D610-4C5E-B7AC-C9FF6C172CC0}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{3407FD83-0A2F-475E-BE94-34F1FA342C84}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HDD Temperature-->MsiExec.exe /I{6C8F4EAB-CC57-42C5-9BAD-B5605675D69D}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Ipswitch WS_FTP Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.8.0 Basic-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Last.fm 1.5.1.30182-->"C:\Program Files\Last.fm\unins000.exe"
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.97-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Marsu-Fix-->C:\Windows\Marsu-Fix Uninstaller.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
Opera 9.51-->MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PS2 EyeToy SLEH-00030 Webcam-->C:\Windows\CleanDev.exe C:\Windows\ov519.TXT
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Topaz Vivacity-->MsiExec.exe /I{C13A8E73-7E98-4295-BA94-6931701CD1F9}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\DISKEE~1\DISKEE~1\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 04 November 2008 - 09:12 PM

You are welcome :thumbsup:

Nothing showing in that log so let's do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 realgfx

realgfx
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2008 - 09:45 PM

I'm not sure why these nasty popups keep happening. Uniblue registry booster was also installed on the same day that the this started happening.

Malwarebytes' Anti-Malware 1.30
Database version: 1366
Windows 6.0.6001 Service Pack 1

11/4/2008 9:42:55 PM
mbam-log-2008-11-04 (21-42-55).txt

Scan type: Quick Scan
Objects scanned: 51981
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by realgfx, 04 November 2008 - 10:29 PM.


#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 04 November 2008 - 11:05 PM

Are you still getting popups?
=================
Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      FIle - Lop check
      File - Purity Scan
      Under Basic scans:
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Attach the information back here. I will review it when it comes in.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 realgfx

realgfx
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 04 November 2008 - 11:31 PM

I still get the pop ups ><

The file was too big to attached, so I uploaded it. Hope that's ok.

http://www.mediafire.com/download.php?jwjgzjmmzqm

Edited by realgfx, 04 November 2008 - 11:33 PM.


#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 05 November 2008 - 12:09 AM

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 realgfx

realgfx
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 05 November 2008 - 08:23 PM

Wednesday, November 5, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 05, 2008 19:49:22
Records in database: 1370636
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 137394
Threat name 3
Infected objects 5
Suspicious objects 0
Duration of the scan 01:46:14

File name Threat name Threats count
C:\Program Files\CrossLoop\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\Program Files\CrossLoop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Users\Vina\Desktop\Portfolio\Website Backup\backup-vtension.com-7-21-2008\backup-vtension.com-7-21-2008 Infected: Backdoor.Win32.VB.eva 1
C:\Users\Vina\Desktop\Portfolio\Website Backup\backup-vtension.com-7-21-2008.tar Infected: Backdoor.Win32.VB.eva 1
D:\Backup\Topaz Vivacity.zip

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 06 November 2008 - 05:57 AM

Hi can you afford to get rid of these?
They are infected.

C:\Users\Vina\Desktop\Portfolio\Website Backup\backup-vtension.com-7-21-2008\backup-vtension.com-7-21-2008
C:\Users\Vina\Desktop\Portfolio\Website Backup\backup-vtension.com-7-21-2008.tar
D:\Backup\Topaz Vivacity.zip
=========================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 realgfx

realgfx
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 06 November 2008 - 05:05 PM

I've deleted the files, and I also like to note that I haven't been having the popups for the past day anymore.

ComboFix 08-11-05.02 - Vina 2008-11-06 16:57:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.969 [GMT -5:00]
Running from: c:\users\Vina\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-05 18:12 . 2008-11-05 18:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-05 17:54 . 2008-11-05 17:56 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-05 17:54 . 2008-11-05 17:54 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-05 17:54 . 2008-11-05 17:54 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-05 17:52 . 2008-11-05 17:54 <DIR> d-------- c:\program files\AVG
2008-11-05 17:51 . 2008-11-05 17:54 <DIR> d-------- c:\users\All Users\avg8
2008-11-05 17:51 . 2008-11-05 17:54 <DIR> d-------- c:\programdata\avg8
2008-11-04 23:09 . 2008-11-04 23:09 <DIR> d-------- c:\program files\PCPitstop
2008-11-04 22:45 . 2008-11-05 18:13 <DIR> d-------- c:\program files\Exterminate It!
2008-11-04 21:38 . 2008-11-04 21:38 <DIR> d-------- c:\users\Vina\AppData\Roaming\Malwarebytes
2008-11-04 21:38 . 2008-11-04 21:38 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-04 21:38 . 2008-11-04 21:38 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-04 21:32 . 2008-11-04 21:32 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-04 16:43 . 2008-11-04 16:43 <DIR> d-------- C:\rsit
2008-11-04 13:21 . 2008-11-04 13:21 <DIR> d-------- c:\users\Guest\AppData\Roaming\HP
2008-11-04 13:20 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Searches
2008-11-04 13:20 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Contacts
2008-11-04 13:20 . 2008-11-04 13:20 <DIR> d-------- c:\users\Guest\AppData\Roaming\WTablet
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Videos
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Saved Games
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Pictures
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Music
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Links
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Downloads
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> dr------- c:\users\Guest\Documents
2008-11-04 13:19 . 2006-11-02 07:37 <DIR> d-------- c:\users\Guest\AppData\Roaming\Media Center Programs
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> d--h----- c:\users\Guest\AppData
2008-11-04 13:19 . 2008-11-04 13:20 <DIR> d-------- c:\users\Guest
2008-11-03 23:00 . 2008-11-03 23:00 <DIR> d-------- c:\program files\Trend Micro
2008-11-02 18:04 . 2008-11-02 18:04 268 --ah----- C:\sqmdata02.sqm
2008-11-02 18:04 . 2008-11-02 18:04 244 --ah----- C:\sqmnoopt02.sqm
2008-11-01 15:19 . 2008-11-01 15:19 <DIR> d-------- C:\TEMP
2008-11-01 13:00 . 2008-11-01 13:00 <DIR> d-------- c:\users\Vina\AppData\Roaming\Uniblue
2008-11-01 12:41 . 2008-11-01 12:41 <DIR> d-------- c:\users\Vina\AppData\Roaming\IrfanView
2008-11-01 12:41 . 2008-11-01 16:17 <DIR> d-------- c:\users\All Users\Google
2008-11-01 12:41 . 2008-11-01 12:41 <DIR> d-------- c:\program files\IrfanView
2008-11-01 12:41 . 2008-11-04 21:16 <DIR> d-------- c:\program files\Google
2008-10-31 04:42 . 2008-10-31 04:42 <DIR> d-------- c:\windows\System32\Adobe
2008-10-25 23:37 . 2008-10-25 23:37 <DIR> d-------- c:\program files\Topaz Labs LLC
2008-10-19 21:41 . 2008-10-19 21:41 <DIR> d-------- c:\users\Vina\AppData\Roaming\DivX
2008-10-18 21:56 . 2008-10-18 21:56 <DIR> d-------- c:\users\Vina\AppData\Roaming\SmartFTP
2008-10-18 21:55 . 2008-10-18 21:55 <DIR> d-------- c:\program files\SmartFTP Client
2008-10-18 18:52 . 2008-10-18 18:52 <DIR> d-------- c:\program files\DivX
2008-10-18 16:58 . 2008-10-18 16:58 <DIR> d-------- c:\program files\Acer Inc
2008-10-17 19:07 . 2008-10-17 19:07 268 --ah----- C:\sqmdata01.sqm
2008-10-17 19:07 . 2008-10-17 19:07 244 --ah----- C:\sqmnoopt01.sqm
2008-10-12 12:41 . 2008-10-12 12:41 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-10-07 12:08 . 2008-07-30 20:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-07 12:08 . 2008-06-25 22:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-10-07 12:08 . 2008-07-30 22:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll
2008-10-07 12:07 . 2008-08-01 20:01 625,152 --a------ c:\windows\System32\drivers\dxgkrnl.sys
2008-10-07 12:07 . 2008-06-25 22:29 565,248 --a------ c:\windows\System32\emdmgmt.dll
2008-10-07 12:07 . 2008-05-08 14:21 211,968 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-07 12:07 . 2008-05-19 21:07 148,480 --a------ c:\windows\System32\drivers\nwifi.sys
2008-10-07 12:07 . 2008-06-25 22:29 45,056 --a------ c:\windows\System32\dataclen.dll
2008-10-07 12:07 . 2008-08-01 22:26 36,864 --a------ c:\windows\System32\cdd.dll
2008-10-06 16:24 . 2008-10-06 16:24 <DIR> d--hs---- C:\Diskeeper
2008-10-06 12:46 . 2008-10-06 12:46 <DIR> d-------- c:\users\All Users\Diskeeper Corporation
2008-10-06 12:46 . 2008-10-06 12:46 <DIR> d-------- c:\programdata\Diskeeper Corporation
2008-10-06 10:14 . 2008-10-06 10:14 <DIR> d-------- c:\program files\Diskeeper Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 15:37 --------- d-----w c:\users\Vina\AppData\Roaming\Apple Computer
2008-11-05 04:21 --------- d-----w c:\users\Vina\AppData\Roaming\Hamachi
2008-11-05 04:14 --------- d-----w c:\users\Vina\AppData\Roaming\WTablet
2008-11-05 04:14 --------- d-----w c:\users\Vina\AppData\Roaming\DMCache
2008-11-04 02:37 --------- d-----w c:\users\Vina\AppData\Roaming\IDM
2008-10-23 00:14 --------- d-----w c:\program files\Common Files\Adobe
2008-10-20 23:28 494 ----a-w c:\users\Vina\AppData\Roaming\wklnhst.dat
2008-10-12 01:09 --------- d-----w c:\program files\Microsoft Works
2008-10-11 00:55 --------- d-----w c:\users\Vina\AppData\Roaming\uTorrent
2008-10-03 03:12 --------- d-----w c:\program files\Java
2008-10-03 03:10 --------- d-----w c:\program files\Common Files\Java
2008-09-16 00:14 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\System32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-09 21:21 --------- d-----w c:\users\Vina\AppData\Roaming\MAXON
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-30 2610608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-11-29 102400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-20 215552]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-09-06 393216]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-05 1234712]

c:\users\Vina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-07-13 625952]
HDD temperature.lnk - c:\program files\PalickSoft\HDD Temperature\HDDTemperature.exe [2004-11-24 657920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Users^Vina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Vina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 06:38 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-06-19 14:15 3664944 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AC0A1C51-FCBB-478D-8878-754A23A2F133}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C18274FE-266B-4E13-AF5D-A933F14723E3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CE84C541-F292-4237-9668-3A73E0E2312F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{47AAE28B-BF2A-4C18-BA3E-73D856370025}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{E4314B80-AD13-4BF3-9053-8AC29F02C322}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EF5A2EBF-3D17-40E6-A89F-8F3DAC120AFB}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{EF4867B2-CC14-48E7-9AC0-F8C1EAD0406E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{45C08DC2-0BE5-46B9-9B1D-1B4054A9B6FE}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{0D62B02F-639F-4EFB-A35E-6A64F21D412F}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"TCP Query User{F1071C21-47FF-4FF8-98E0-84DD885A433F}d:\\documents\\open canvas\\open canvas.exe"= UDP:d:\documents\open canvas\open canvas.exe:Open Canvas
"UDP Query User{1B89890B-ED33-4761-9D35-9A0AAAB4C128}d:\\documents\\open canvas\\open canvas.exe"= TCP:d:\documents\open canvas\open canvas.exe:Open Canvas
"TCP Query User{A27E3E56-698A-437F-85E9-177BF7BB441B}d:\\documents\\open canvas\\open canvas.exe"= UDP:d:\documents\open canvas\open canvas.exe:Open Canvas
"UDP Query User{2526C3DF-36B2-4279-9085-E8A61573F7D9}d:\\documents\\open canvas\\open canvas.exe"= TCP:d:\documents\open canvas\open canvas.exe:Open Canvas
"{BFB874A8-DF54-489B-94D1-551C989A00D8}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{575C1003-1A1E-40C8-A1FB-FF8FA3DB61B1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{06E9E332-DE84-468F-80B7-8E11FE126A2B}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A15F97CA-49BA-48AD-8DC5-336BD46198CC}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{8A771DC1-0D7B-4E9F-98A6-081AFECC807C}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{0A113711-AA61-490F-82C2-D80A7FA7E271}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{C5E552DA-6BE6-4197-8884-431D22205A82}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{07EFEE26-01F4-46FB-BC14-8A90B3CE38A2}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"{D91E7A85-894D-4E18-ACA3-3E2C5867D90A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3F602A3E-8121-4EAE-A761-AFE438869076}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{1EBE1578-346C-49A6-885B-8C9F0A085751}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{4DD4562F-DE2F-4FB9-B6C3-525467667889}c:\\program files\\ipswitch\\ws_ftp pro\\wsftpgui.exe"= UDP:c:\program files\ipswitch\ws_ftp pro\wsftpgui.exe:WS_FTP Pro Application
"UDP Query User{EEBAF6E3-B3FB-4EED-9839-1797D773AFAF}c:\\program files\\ipswitch\\ws_ftp pro\\wsftpgui.exe"= TCP:c:\program files\ipswitch\ws_ftp pro\wsftpgui.exe:WS_FTP Pro Application
"{927932B0-AF5F-4E93-BD06-A8B0C978431A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{51E6950E-990A-4575-AA26-D3D8A1632D85}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{53BED309-4CE9-4B1B-A1E7-D2D5A7C10BD6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{187638FD-AFBB-40E6-9865-BC949250EAB7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{30645086-57F3-4179-9275-8FE5530E2748}"= UDP:990:LocalSubnet:LocalSubnet|IF={7114BF51-714B-431C-817B-3AD316D2AAAC}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{002A6040-AC01-4D7E-AC56-A97C0F56B5CF}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{E52A9013-8E98-4BE7-96AD-9B28B76770A1}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"{DCB147C8-28C8-414B-B1FF-9F3DA0B1F19D}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{0DA8D433-170A-4668-B91E-14D01662EACA}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{31484323-BA29-4C67-88F7-F72BB5D7D727}"= UDP:5353:Adobe CSI CS4
"{95B008D8-6B84-4F6A-AE6B-39FCE489925A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{5754EF1B-C41B-4EBD-BD15-EF875FDFB36D}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{CD27964A-6B40-4AF0-9E46-808EE6922098}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-05 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-05 231704]
R2 HDDTService;HDD Temperature;c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe [2004-11-24 384512]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-06-06 3406120]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-20 179712]
R3 wacommousefilter;Wacom Mouse Filter Driver;c:\windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;c:\windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver;c:\windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 91392]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-04-23 15656]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-20 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - "F:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Launch.exe /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15538325-3fd1-11dd-9247-001e6839b900}]
\shell\AutoRun\command - G:\Launch.exe /run

*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\User_Feed_Synchronization-{1C4B9997-BD2C-4682-9BFA-9DF46A111EC8}.job
- c:\windows\system32\msfeedssync.exe [2008-01-20 21:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
MSConfigStartUp-Prefs - c:\program files\oDesk\oDeskLaunch.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Vina\AppData\Roaming\Mozilla\Firefox\Profiles\o3nlxj8n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM1.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM2.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM3.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM4.dll
FF -: plugin - c:\program files\Opera\program\plugins\NP_IDM5.dll
FF -: plugin - c:\program files\Opera\program\plugins\npdivx32.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 16:59:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-06 17:01:49
ComboFix-quarantined-files.txt 2008-11-06 22:01:42

Pre-Run: 21,914,431,488 bytes free
Post-Run: 21,835,599,872 bytes free

258 --- E O F --- 2008-10-12 01:09:21

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 07 November 2008 - 06:13 AM

Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 realgfx

realgfx
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 07 November 2008 - 07:25 PM

Thank you for your help =)

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 AM

Posted 07 November 2008 - 09:57 PM

You are welcome :thumbsup:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users