
I feel unsafe...

  • This topic is locked
2 replies to this topic

#1 mattwb


  • Members
  • 2 posts
  • Local time:03:55 AM

Posted 14 June 2011 - 05:23 AM

Hello, I'm Matt and I'm feeling pretty unsafe... I am a computer engineer, and lots of guys try to steal my work... Today I made a stupid mistake... I installed Uniblue's piece of .... "PowerSuite" with a working serial.. Well, I hadn't checked Google before, but recently did, and I found out that it's a scam and a backdoor/downloader... And my system is running VERY SLOW.. I've got a 2GB/1.6GHz PC, with Windows 7, purchased. It all started like this since I updated to Avast 6. I have to mention that every piece of software I use is purchased, except this Uniblue.. whose serial I got from a friend.. Please analyze my HijackThis log! And also, please request from me any further system scan needed. And by the way, I can pay if needed. Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:48 PM, on 6/14/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
C:\Program Files\Messenger Plus!\PlusService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Uniblue\PowerSuite\powersuite.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Uniblue\DriverScanner\driverscanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {3b52afa8-26db-4987-aa07-6f9cfb5da2b5} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe
O1 - Hosts: typepad.com
O1 - Hosts: istockphoto.com
O1 - Hosts: yfrog.com
O1 - Hosts: 126.com
O1 - Hosts: qvc.com
O1 - Hosts: SlideShare.com
O1 - Hosts: xing.com
O1 - Hosts: seesaa.net
O1 - Hosts: hootsuite.com
O1 - Hosts: soku.com
O1 - Hosts: metacafe.com
O1 - Hosts: tribalfusion.com
O1 - Hosts:
O1 - Hosts: ustream.tv
O1 - Hosts: linkwithin.com
O1 - Hosts: scan.novirusthanks.org
O1 - Hosts: imagevenue.com
O1 - Hosts: booking.com
O1 - Hosts: vnexpress.net
O1 - Hosts: pandora.com
O1 - Hosts: softonic.com
O1 - Hosts: match.com
O1 - Hosts: nwt.com
O1 - Hosts: nttnavi.com
O1 - Hosts: nrk.no
O1 - Hosts: nozonedata.com
O1 - Hosts: nachtagenten.com
O1 - Hosts: musicmatch.com
O1 - Hosts: moscowtimes.com
O1 - Hosts: SlideShare.com
O1 - Hosts: mgd.com
O1 - Hosts: mediastorm.hu
O1 - Hosts: media-servers.com
O1 - Hosts: m5prod.com
O1 - Hosts: lupa.com
O1 - Hosts: liveintercom.com
O1 - Hosts: keenspace.com
O1 - Hosts: jetsoftware.com
O1 - Hosts: jamba.com
O1 - Hosts: ir.com
O1 - Hosts: investopedia.com
O1 - Hosts: choiceradio.com
O1 - Hosts: booking.com
O1 - Hosts: vnexpress.net
O1 - Hosts: chip.com
O1 - Hosts: redv.net
O1 - Hosts: cgi.com
O1 - Hosts: centcomm.com
O1 - Hosts: digitallook.com
O1 - Hosts: domainfactory.com
O1 - Hosts: dvdfocomm.nu
O1 - Hosts: e-kolay.com
O1 - Hosts: eurosport.com
O1 - Hosts: f1cd.com
O1 - Hosts: free6.com
O1 - Hosts: cdmworldsoftware.com
O1 - Hosts: grafika.com
O1 - Hosts: adware-delete.com
O1 - Hosts: hbv.com
O1 - Hosts: protectorsuite.com
O1 - Hosts: howstuffworks.com
O1 - Hosts: httpool.com
O1 - Hosts: hyena.com
O1 - Hosts: iinfo.com
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {3b52afa8-26db-4987-aa07-6f9cfb5da2b5} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Dot TK Registry Toolbar - {22EB0F38-22A5-405B-8308-677DAA3318CF} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [TortoiseHgOverlayIconServer] C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
O4 - HKLM\..\Run: [PlusService] "C:\Program Files\Messenger Plus!\PlusService.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PowerSuite] "C:\Program Files\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {13750BBB-B753-4d3d-B660-3AEEE71535A7} - (no file)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apache2.2 - Advanced Micro Devices - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dcserv - Unknown owner - C:\Windows\system32\test\svchost.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

End of file - 9777 bytes

C:\Windows\V0230Mon.exe - My camera driver (TRUSTED)
TortoiseSVN - The SVN checkout I use... (TRUSTED)
TuneUp - I don't really know what that is...
Anything with uniblue in it (UNTRUSTED)
Steam - Game Platform (TRUSTED)
Packet Capture - Hehe (TRUSTED)
Should I uninstall those by hand? (removing from registry, and deleting files used by process sump?)
Please answer me... Thanks in advance..



#2 mattwb

  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:55 AM

Posted 14 June 2011 - 06:08 AM

Ohh bleep it.. I will uninstall my Windows... With backing up registry... My mouse is bleeped up now, from a restart... DO NOT EVER DOWNLOAD OR INSTALL UNIBLUE's SOFTWARE!!!

//Also, I'm gonna install ReactOS, I heard it is faster than Windows but still same shell..

#3 Budapest


    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:06:55 PM

Posted 14 June 2011 - 04:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
