
Browser Hijack?


  • This topic is locked
2 replies to this topic

#1 zzantor

zzantor

  • Members
  • 7 posts

Posted 01 December 2008 - 02:10 PM

Hi,

My system died the other night.

So I thought I'd use my old system, and I mean old (P3 800), till I get a new one.

I did a hijackthis.log and it looks like I'm infected with something. Here's the log.

Any help would be much appreciated.

I've done another scan with RSIT.


This is a copy from RSIT log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Francis at 2008-12-01 21:02:51
Microsoft Windows XP Professional
System drive C: has 6 GB (32%) free of 20 GB
Total RAM: 511 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:55, on 01/12/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Documents and Settings\Francis\Desktop\RSIT run from desktop.exe
C:\Program Files\trend micro\Francis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ok-search.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ok-search.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ok-search.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ok-search.com/search.html
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-d4c4b96b0d97} -
O16 - DPF: {82202BE7-C56A-487E-9E55-D84BDC1A5776} - http://install.anark.com/client/version1/w...en/AMClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

--
End of file - 3906 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-23 843804]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2002-08-27 3977216]
"nwiz"=nwiz.exe /install []
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2002-06-23 1148928]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SmcService"=C:\PROGRA~1\Sygate\SPF\Smc.exe [2003-03-21 2138183]
"CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_CC]
C:\Program Files\Grisoft\AVG6\avgcc32.exe [2003-09-16 345661]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\program files\divx\divx pro codec\gain_trickler_3202.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FlashPath Monitor.lnk]
C:\PROGRA~1\SMARTD~1\FLASHP~1\sdstat.exe [2001-11-16 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Powertweak.lnk]
C:\PROGRA~1\POWERT~1\ptctrl.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-01 18:16:19 ----D---- C:\rsit
2008-12-01 18:16:19 ----D---- C:\Program Files\trend micro
2008-12-01 15:48:58 ----D---- C:\Program Files\SecretZip Drive
2008-12-01 00:04:55 ----D---- C:\HijackThis
2008-11-30 11:54:03 ----D---- C:\Program Files\Microsoft Money
2008-11-30 11:53:56 ----D---- C:\Config.Msi
2008-11-30 11:53:54 ----D---- C:\Program Files\Army Operations
2008-11-30 11:53:54 ----D---- C:\My MP3s
2008-11-30 11:53:41 ----D---- C:\Documents and Settings\Francis\Application Data\uTorrent
2008-11-30 02:28:37 ----D---- C:\Documents and Settings\Francis\Application Data\uTorrent(2)
2008-11-29 01:19:20 ----A---- C:\WINDOWS\System32\wmpshell.dll
2008-11-29 01:19:20 ----A---- C:\WINDOWS\System32\wmpdxm.dll
2008-11-29 01:19:20 ----A---- C:\WINDOWS\System32\wmpasf.dll
2008-11-29 01:19:20 ----A---- C:\WINDOWS\System32\wmp.dll
2008-11-29 01:19:20 ----A---- C:\WINDOWS\System32\wmerror.dll
2008-11-29 01:19:20 ----A---- C:\WINDOWS\System32\asferror.dll
2008-11-29 01:19:18 ----A---- C:\WINDOWS\System32\wmploc.dll
2008-11-29 01:19:17 ----A---- C:\WINDOWS\System32\wmpcore.dll
2008-11-29 01:19:17 ----A---- C:\WINDOWS\System32\wmpcd.dll
2008-11-29 01:19:16 ----A---- C:\WINDOWS\System32\wmpui.dll
2008-11-29 01:19:03 ----A---- C:\WINDOWS\System32\mspmsnsv.dll
2008-11-29 01:19:03 ----A---- C:\WINDOWS\System32\CEWMDM.dll
2008-11-29 01:19:02 ----A---- C:\WINDOWS\System32\wmdmps.dll
2008-11-29 01:19:02 ----A---- C:\WINDOWS\System32\wmdmlog.dll
2008-11-29 01:19:02 ----A---- C:\WINDOWS\System32\mswmdm.dll
2008-11-29 01:19:02 ----A---- C:\WINDOWS\System32\msscp.dll
2008-11-29 01:19:02 ----A---- C:\WINDOWS\System32\mspmsp.dll
2008-11-29 00:38:15 ----D---- C:\Documents and Settings\Francis\Application Data\Mozilla
2008-11-29 00:38:04 ----D---- C:\Program Files\Mozilla Firefox
2008-11-28 23:42:27 ----D---- C:\Program Files\Winamp
2008-11-28 23:42:27 ----D---- C:\Documents and Settings\Francis\Application Data\Winamp
2008-11-28 23:04:51 ----A---- C:\WINDOWS\System32\rmoc3260.dll
2008-11-28 23:04:51 ----A---- C:\WINDOWS\System32\pndx5032.dll
2008-11-28 23:04:51 ----A---- C:\WINDOWS\System32\pndx5016.dll
2008-11-28 23:04:51 ----A---- C:\WINDOWS\System32\pncrt.dll
2008-11-28 23:04:49 ----A---- C:\WINDOWS\avisplitter.ini
2008-11-28 23:04:46 ----A---- C:\WINDOWS\System32\yv12vfw.dll
2008-11-28 23:04:45 ----A---- C:\WINDOWS\System32\xvidvfw.dll
2008-11-28 23:04:45 ----A---- C:\WINDOWS\System32\xvidcore.dll
2008-11-28 23:04:44 ----A---- C:\WINDOWS\System32\qt-dx331.dll
2008-11-28 23:04:44 ----A---- C:\WINDOWS\System32\dpl100.dll
2008-11-28 23:04:41 ----A---- C:\WINDOWS\System32\ff_vfw.dll.manifest
2008-11-28 23:04:41 ----A---- C:\WINDOWS\System32\ff_vfw.dll
2008-11-28 23:04:39 ----A---- C:\WINDOWS\System32\msvcr71.dll
2008-11-28 23:04:39 ----A---- C:\WINDOWS\System32\msvcp71.dll
2008-11-28 23:04:38 ----D---- C:\Program Files\K-Lite Codec Pack
2008-11-28 23:04:38 ----D---- C:\Documents and Settings\Francis\Application Data\Real
2008-11-28 23:04:38 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2008-11-28 22:27:47 ----D---- C:\Program Files\uTorrent
2008-11-28 21:55:46 ----D---- C:\Documents and Settings\Francis\Application Data\Media Player Classic
2008-11-28 21:23:16 ----D---- C:\Program Files\BugsysClub Software
2008-11-28 17:03:53 ----HD---- C:\Program Files\Zero G Registry

======List of files/folders modified in the last 1 months======

2008-12-01 18:21:07 ----D---- C:\WINDOWS\Temp
2008-12-01 18:16:19 ----RD---- C:\Program Files
2008-12-01 13:58:02 ----HD---- C:\WINDOWS\inf
2008-12-01 13:58:01 ----D---- C:\WINDOWS\System32\CatRoot2
2008-12-01 02:36:29 ----D---- C:\WINDOWS\system32
2008-12-01 00:02:31 ----D---- C:\WINDOWS
2008-11-30 11:54:15 ----D---- C:\WINDOWS\System32\config
2008-11-30 11:54:10 ----D---- C:\WINDOWS\System32\wbem
2008-11-30 11:54:10 ----D---- C:\WINDOWS\Registration
2008-11-30 11:53:56 ----SHD---- C:\WINDOWS\Installer
2008-11-30 11:53:56 ----D---- C:\Games
2008-11-30 11:53:12 ----D---- C:\WINDOWS\System32\Restore
2008-11-30 11:49:13 ----N---- C:\WINDOWS\win.ini
2008-11-30 11:49:13 ----N---- C:\WINDOWS\system.ini
2008-11-29 23:15:49 ----D---- C:\WINDOWS\pss
2008-11-29 23:14:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-29 17:36:42 ----D---- C:\My Shared Folder
2008-11-29 17:31:54 ----D---- C:\My Downloads
2008-11-29 17:22:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-29 17:19:33 ----A---- C:\WINDOWS\iexplore.ini
2008-11-29 15:39:10 ----SD---- C:\Documents and Settings\Francis\Application Data\Microsoft
2008-11-29 01:19:28 ----RSHDC---- C:\WINDOWS\System32\dllcache
2008-11-29 01:19:28 ----D---- C:\Program Files\Windows Media Player
2008-11-29 01:19:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-29 01:18:06 ----SHD---- C:\System Volume Information
2008-11-29 01:16:53 ----D---- C:\WINDOWS\Help
2008-11-28 23:08:48 ----D---- C:\Documents and Settings\Francis\Application Data\Adobe
2008-11-28 23:08:20 ----D---- C:\WINDOWS\System32\Macromed
2008-11-28 23:02:35 ----D---- C:\Program Files\Common Files\Real
2008-11-28 23:02:33 ----D---- C:\WINDOWS\System32\drivers
2008-11-28 20:23:17 ----D---- C:\Program Files\FightKit
2008-11-28 20:22:56 ----D---- C:\Program Files\DC++
2008-11-28 20:22:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-28 20:22:14 ----D---- C:\WINDOWS\repair
2008-11-28 20:16:10 ----D---- C:\Program Files\WinAce
2008-11-28 17:07:54 ----D---- C:\Program Files\Kazaa Lite
2008-11-28 17:04:18 ----D---- C:\Program Files\Trillian
2008-11-28 17:02:37 ----D---- C:\Program Files\Common Files
2008-11-28 16:15:19 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\ASPI32.sys [1999-09-10 25244]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2001-08-23 34816]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys []
R2 AvgCore;AVG6 Kernel; \??\C:\PROGRA~1\Grisoft\AVG6\avgcore.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320]
R2 FlashNT;FlashNT; C:\WINDOWS\System32\drivers\FlashNT.sys [2001-02-06 72784]
R2 Sdselect;Sdselect; C:\WINDOWS\System32\drivers\Sdselect.sys [2000-11-14 73296]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2002-01-07 8023]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360]
R3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTD80X;100/10M Ethernet PCI Adapter; C:\WINDOWS\System32\DRIVERS\FEAND5.SYS [2001-11-15 22251]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-27 1051434]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-08-23 50688]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-08-23 18944]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2001-08-17 35200]
S3 3dfxvs;3dfxvs; C:\WINDOWS\System32\DRIVERS\3dfxvsm.sys [2001-08-17 148352]
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2002-11-12 53168]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-11-12 748544]
S3 AvgFsh;AVG6 Rezident Driver; \??\C:\PROGRA~1\Grisoft\AVG6\avgfsh.sys []
S3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\System32\DRIVERS\IPFilter.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 Powert;Powertweak NT helper; \??\C:\PROGRA~1\POWERT~1\powert2k.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AvgServ;AVG6 Service; C:\PROGRA~1\Grisoft\AVG6\avgserv.exe [2002-11-18 20480]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-08-27 94208]
R2 SmcService;Sygate Personal Firewall Pro; C:\Program Files\Sygate\SPF\Smc.exe [2003-03-21 2138183]

-----------------EOF-----------------





This is a copy from RSIT info.txt





info.txt logfile of random's system information tool 1.04 2008-12-01 21:02:57

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
AVG 6.0 Anti-Virus System-->C:\PROGRA~1\Grisoft\AVG6\setup.exe /UNINSTALL
BugsysClub Software-->"C:\Program Files\BugsysClub Software\UninstallerData\Uninstall BugsysClub Software.exe"
CD-DA X-Tractor v0.23-->"C:\Program Files\CD-DA X-Tractor\unins000.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Colin McRae Rally 2-->C:\Games\colin mcrae rally 2\uninstall.exe
DivX 5.0.3 Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DU Meter-->"C:\Program Files\DU Meter\unins000.exe"
DVDCopyGold-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DVDCopyGold\Uninst.isu"
DXRip-->C:\Documents and Settings\Francis\Start Menu\Programs\DXRip\DXRip.lnk
Easy MP3-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Easy MP3\DeIsL1.isu" -c"C:\Program Files\Easy MP3\_ISREG32.DLL"
Enter The Matrix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CD92DB1-1B3B-4296-9456-93EA6BCAA4C5}\setup.exe" -l0x9
FlashPath-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\flashpth.isu -c"C:\Program Files\SmartDisk\FlashPath\fpsm.dll"
GameSpy 3D-->C:\Program Files\GameSpy\uninstall.exe
Gordian Knot Rip Pack 0.28.5-->C:\Program Files\Gordian Knot\uninst.exe
GrabIt 1.4.6 Beta-->"C:\Program Files\GrabIt\unins000.exe"
HexDump extension for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\HEXDUM~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\HEXDUM~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
K-Lite Mega Codec Pack 4.3.4-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
MailWasher Pro-->"C:\Program Files\MailWasher Pro\unins000.exe"
Media Box MP3 Workstation-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Media Box MP3\ST6UNST.LOG"
Microsoft Money 2001-->MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader Text-to-Speech for English-->MsiExec.exe /X{E0E400F5-422B-4540-A14F-B0739D71FEE7}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Gaming Zone-->C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
PacificPoker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
RAR Password Cracker-->C:\Program Files\RAR Password Cracker\uninstall.exe
Read in Microsoft Reader Add-in for Microsoft Word-->MsiExec.exe /I{84F1DAC1-E1BF-4A21-9D2B-DD3E12686A2C}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SiSoftware Sandra 2002 Professional-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\Uninst.isu"
SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Spyster 1.0.19-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Spyster 1.0.19\ST6UNST.LOG"
Sygate Personal Firewall Pro 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D422994-9E10-11D4-AEB1-00D0B7237D97}\setup.exe" -Uninstall
The Cleaner 3.1-->C:\PROGRA~1\THECLE~1\UNWISE.EXE C:\PROGRA~1\THECLE~1\INSTALL.LOG
VisualRoute 5.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\VisualRoute 5\Uninst.isu"
Webcam Watcher v3.0-->C:\PROGRA~1\Beausoft\WEBCAM~1\UNWISE.EXE C:\PROGRA~1\Beausoft\WEBCAM~1\INSTALL.LOG
WebCams Tourist-->C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
WinAce Archiver 2.0-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows XP Hotfix (SP1) [See Q306676 for more information]-->C:\WINDOWS\$NtUninstallQ306676$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XnView 1.37-->"C:\Program Files\XnView\unins000.exe"
YTS Words Suite-->C:\PROGRA~1\DCALCO~1\YTSWOR~1\UNWISE.EXE C:\PROGRA~1\DCALCO~1\YTSWOR~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost
127.0.0.1 89.106.106.5
127.0.0.1 www.vidaoptics.com
127.0.0.1 194.126.131.100
127.0.0.1 www.adserver.adtech.de
127.0.0.1 www.adtech.panthercustomer.com
127.0.0.1 194.126.131.130
127.0.0.1 au.download.windowsupdate.com
127.0.0.1 www.adserver2.adtech.de
127.0.0.1 3.64-62-243.reverse.mccolo.com:8081

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0806
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Edited by zzantor, 01 December 2008 - 04:10 PM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,948 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 14 December 2008 - 06:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks, and again, sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,948 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 21 December 2008 - 01:41 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please Start a new topic.



