Smitfraud C Core Service Pop Up Long Time To Boot


12 replies to this topic

#1 notorious66 (Members, 28 posts)

Posted 21 May 2007 - 11:09 AM

Hi. I just bought a used PC and it has so much stuff on it. I tried cleaning it with all the stuff you guys asked to.

Here are all my log files.

Logfile of HijackThis v1.99.1
Scan saved at 12:00:55 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\TEMP\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\lpjqvicd.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?0cd794c322a0459f819618c664fae0f2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?0cd794c322a0459f819618c664fae0f2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxjustforuxx.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160620738109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe" "C:\Program Files\NewDotNet\nncore.dll" ServiceStart (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

If you need anything, please tell me. Please help me, thanks.

#2 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 21 May 2007 - 12:29 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum notorious66 :thumbsup:

Click on Start/Run, type CMD, then press OK.
At the Command Prompt, copy and paste the following commands, pressing Enter after each one.

SC STOP NNServ
SC DELETE NNServ


Then type EXIT and press Enter.
Restart your pc.

************************

Go to and delete:
C:\WINDOWS\TEMP\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

Now download and install Hijackthis.
This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default.
A desktop shortcut can be created during install under 'Select Additional Tasks'.

************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new Hijackthis log please.

#3 notorious66 (Topic Starter, Members, 28 posts)

Posted 21 May 2007 - 01:09 PM

OK, I did it all. Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:04, on 2007-05-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3193AFC3-A37D-4501-9978-7D7DD2CEB82D} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?0cd794c322a0459f819618c664fae0f2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?0cd794c322a0459f819618c664fae0f2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxjustforuxx.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160620738109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: vtuvtrs - vtuvtrs.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


And here is the ComboFix log:

"karine" - 2007-05-21 13:55:09 Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\karine\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\hdbqpcxq.dll
C:\WINDOWS\system32\pvptplkj.dll
C:\WINDOWS\system32\qvqtufee.dll
C:\WINDOWS\system32\qxcpqbdh.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\karine\APPLIC~1\Dxccwrd.dll
C:\DOCUME~1\karine\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\karine\APPLIC~1\Dxcuknwrd.dll
C:\Program Files\Internet Explorer\rteserim.html
C:\WINDOWS\system32\bund1\temp.txt
C:\Program Files\Common Files\{30695~1\Bar888.dll
C:\Program Files\Common Files\{30695~1\UnInstall.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\bund1
C:\Program Files\Common Files\{30695~1
C:\Program Files\Common Files\{70695~1
C:\Program Files\Common Files\{70695~2


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))


2007-05-21 13:43 <DIR> d-------- C:\VundoFix Backups
2007-05-20 13:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-20 10:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-19 16:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-18 20:08 <DIR> d-------- C:\Program Files\Incomplete
2007-05-18 17:54 <DIR> d-------- C:\DOCUME~1\karine\APPLIC~1\Lavasoft
2007-05-18 17:53 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-18 17:18 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-21 01:55:36 -------- d-----w C:\Program Files\LimeWire
2007-05-20 14:38:17 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-20 14:37:57 -------- d-----w C:\Program Files\QuickTime
2007-05-20 14:36:49 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-20 14:35:21 -------- d-----w C:\Program Files\MSN Messenger
2007-05-20 14:32:34 -------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-05-20 14:32:32 -------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-05-20 14:31:42 -------- d-----w C:\Program Files\iTunes
2007-05-20 14:30:33 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-18 23:25:42 374 ----a-w C:\DOCUME~1\karine\APPLIC~1\internaldb6334.dat
2007-05-18 22:27:44 -------- d-----w C:\Program Files\Movie Maker
2007-05-18 21:52:51 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-18 21:37:29 -------- d-----w C:\Program Files\AskTBar
2007-05-18 21:30:04 18,432 ----a-w C:\DOCUME~1\karine\APPLIC~1\internaldb41.dat
2007-05-18 21:26:42 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 21:07:46 538 ----a-w C:\DOCUME~1\karine\APPLIC~1\internaldb8467.dat
2007-04-04 21:52:05 167 ----a-w C:\WINDOWS\system32\6213.bat
2007-04-04 21:51:28 0 ----a-w C:\WINDOWS\system32\taskkill.exe
2007-04-04 21:51:07 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 02:43:13 -------- d-----w C:\Program Files\PacificPoker
2007-03-06 14:43:54 69,698 ----a-w C:\WINDOWS\distro_uPlayMe_stub_973387.exe
2007-02-07 20:55:54 0 ----a-w C:\DOCUME~1\karine\APPLIC~1\wklnhst.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3193AFC3-A37D-4501-9978-7D7DD2CEB82D}=C:\WINDOWS\system32\awtst.dll []
{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}=C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL []
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]
{BDF3E430-B101-42AD-A544-FADC6B084872}=c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-19 13:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 19:54 C:\WINDOWS\system32\SiSPower.dll]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 16:54]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-04 21:40]
"AlcxMonitor"="ALCXMNTR.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-03 23:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 19:14]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 20:38]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 20:39]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Internet Explorer\rteserim.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvtrs]
vtuvtrs.dll


Contents of the 'Scheduled Tasks' folder
2007-05-21 17:21:02 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-04-28 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
2007-05-21 17:54:00 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-21 14:01:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-21 14:04:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-21 14:04

--- E O F ---
Thanks again for your help.

#4 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 21 May 2007 - 01:41 PM

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "Safe Mode" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {3193AFC3-A37D-4501-9978-7D7DD2CEB82D} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYCA
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: vtuvtrs - vtuvtrs.dll (file missing)

Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new Hijackthis log please.
Let me know how your pc is running now.

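The fix list above is built from HijackThis entries whose target file no longer exists (orphaned BHOs and buttons, a dangling O16 object, and a Winlogon Notify hook). As an added example, not part of the thread or of HijackThis itself, this Python script applies those same checks to log lines; the sample lines are copied from this thread, and the section regex and reason strings are my own.

```python
"""Triage HijackThis 1.99-style log lines for orphaned and high-privilege entries.

Constructed example for this thread; not part of HijackThis or of the forum
posts. The sample lines are copied from the fix list and from the later log.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: the entries the helper asked to have fixed, plus two
# healthy lines from the later log so the script has something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3193AFC3-A37D-4501-9978-7D7DD2CEB82D} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: vtuvtrs - vtuvtrs.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# HijackThis prefixes every entry with a section code (R0, O2, O23, ...).
LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for a suspicious entry, or None for a clean/unknown line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2).rstrip()
    reasons = []
    # Entries whose file is gone are dead registry references; HijackThis
    # marks them "(file missing)" or "(no file)". They are safe to remove and
    # often point at DLLs that an earlier cleaner already deleted.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append("orphan: registry entry points at a file that no longer exists")
    # An O16 (Downloaded Program Files) entry with nothing after the CLSID has
    # no recorded download source, so it cannot be verified.
    if section == "O16" and body.endswith("-"):
        reasons.append("dangling DPF: no download URL recorded for this object")
    # Winlogon Notify packages are loaded into winlogon.exe at boot, which is
    # why Vundo-style infections favour that key; every entry gets a second look.
    if section == "O20":
        reasons.append("Winlogon Notify: loaded into winlogon.exe at boot, verify path and publisher")
    return Finding(section, body, reasons) if reasons else None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the flagged entries."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


def summarize(findings) -> Counter:
    """Count flagged entries per HijackThis section (O2, O9, O16, O20, ...)."""
    return Counter(f.section for f in findings)


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    -> {r}")
    print(dict(summarize(flagged)))
```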

#5 notorious66

notorious66
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 22 May 2007 - 09:21 AM

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {3193AFC3-A37D-4501-9978-7D7DD2CEB82D} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm088YYCA
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - Winlogon Notify: vtuvtrs - vtuvtrs.dll (file missing)

Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new Hijackthis log please.
Let me know how your pc is running now.



Hi
So I did it all, sorry for the delay, but it is still very slow to boot up. After putting in my password it takes about 3 to 4 minutes before having all the icons on my desktop. Also, in the address bar when I'm on a web page, the icon before the webpage is like an empty file. I don't know if it has to do with anything; anyway, here is the HijackThis log and the other one also.

Logfile of HijackThis v1.99.1
Scan saved at 10:14, on 2007-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?0cd794c322a0459f819618c664fae0f2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?0cd794c322a0459f819618c664fae0f2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxjustforuxx.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160620738109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

here you go

KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Moved.;
NPMyWebS.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Msearch;Deleted.;
pv.exe;C:\Program Files\PacificPoker;Program.PrcView.3725;Deleted.;
hdbqpcxq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
pvptplkj.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
qvqtufee.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0107697.EXE;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP569;Tool.GameCrack;Deleted.;
A0111834.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;Trojan.Virtumod;Deleted.;
A0111839.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0111840.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0111841.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0112838.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0112839.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0112840.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114837.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114838.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114839.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114855.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114856.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114857.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114883.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114884.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114885.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP595;BackDoor.Generic.1545;Deleted.;
A0114903.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114904.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114905.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114939.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114940.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114941.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114956.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114957.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114958.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114984.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114985.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0114986.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP596;BackDoor.Generic.1545;Deleted.;
A0115988.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0115989.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0115990.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0116987.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0116988.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0116989.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117000.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117001.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117002.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117018.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117019.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117020.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP597;BackDoor.Generic.1545;Deleted.;
A0117090.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0117091.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0117092.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118102.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118103.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118104.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118117.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118118.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118119.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP598;BackDoor.Generic.1545;Deleted.;
A0118128.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0118129.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0118130.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119129.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119130.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119131.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119149.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;Trojan.Virtumod;Deleted.;
A0119155.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119156.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119157.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119175.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119176.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119177.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP599;BackDoor.Generic.1545;Deleted.;
A0119201.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0119202.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0119203.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0119221.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0119222.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0119223.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0120222.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0120223.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0120224.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP600;BackDoor.Generic.1545;Deleted.;
A0121232.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP601;BackDoor.Generic.1545;Deleted.;
A0121233.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP601;BackDoor.Generic.1545;Deleted.;
A0121234.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP601;BackDoor.Generic.1545;Deleted.;
A0121246.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP601;BackDoor.Generic.1545;Deleted.;
A0121247.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP601;BackDoor.Generic.1545;Deleted.;
A0121248.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP601;BackDoor.Generic.1545;Deleted.;
A0122242.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP602;Trojan.Virtumod;Deleted.;
A0123283.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP603;BackDoor.Generic.1545;Deleted.;
A0123284.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP603;BackDoor.Generic.1545;Deleted.;
A0123285.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP603;BackDoor.Generic.1545;Deleted.;
A0123345.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP604;Adware.Hotbar;Deleted.;
A0123357.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP604;Adware.Hotbar;Deleted.;
A0123590.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP604;BackDoor.Generic.1545;Deleted.;
A0123591.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP604;BackDoor.Generic.1545;Deleted.;
A0123592.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP604;BackDoor.Generic.1545;Deleted.;
A0123800.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.Virtumod;Deleted.;
A0123840.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.Virtumod;Deleted.;
A0127843.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0127844.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0127845.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0127852.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.Virtumod;Deleted.;
A0127853.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.Virtumod;Deleted.;
A0127864.EXE;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.Click.2109;Deleted.;
A0130879.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0130888.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0130895.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0130896.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0130897.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.MulDrop.5747;Deleted.;
A0130898.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;BackDoor.Generic.1545;Deleted.;
A0130899.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.Virtumod;Deleted.;
A0130900.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP605;Trojan.MulDrop.5747;Deleted.;
A0130906.exe;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Adware.Mirarbar;Deleted.;
A0130908.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Trojan.Virtumod;Deleted.;
A0130909.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Trojan.Virtumod;Deleted.;
A0130910.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Trojan.Virtumod;Deleted.;
A0130911.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Trojan.Virtumod;Deleted.;
A0130912.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Trojan.Virtumod;Deleted.;
A0130913.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP606;Trojan.Virtumod;Deleted.;
A0130960.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130961.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130963.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130964.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130965.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130966.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130967.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130968.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130970.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130972.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130973.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0130974.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Juan;Deleted.;
A0131046.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0131047.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
A0131048.dll;C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP607;Trojan.Virtumod;Deleted.;
awtst.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
bgdwpyil.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
dqfsfjhw.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
lpjqvicd.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
mmrugctg.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
nfxhacem.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
nudbksvl.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
nvkfvewx.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
pkgkapns.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ulosvifv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
uuhxtknq.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
vtstu.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
wxgwjfqv.dll.bad;C:\VundoFix Backups;Trojan.Juan;Deleted.;

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:52 PM

Posted 22 May 2007 - 10:24 AM

Download 'eScan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close any open programs.
Double click on the mwav icon on your desktop.
The program will start and the Licence Agreement will pop up.
Select 'I accept the agreement', then press OK.
The program will open; leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your PC.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

**********************

Download the 'Blacklight Beta graphical user interface version' to your desktop:
https://europe.f-secure.com/blacklight/try.shtml
Accept the agreement, then download the program.
Click on Blacklight Beta on your desktop, accept that agreement, then hit Scan.
You'll see a list of all items found.
Don't choose rename yet!
I want to see the log first; legit items may be present.
There will be a log on your desktop with the name 'fsbl---log'.
Post the contents of that log in your next reply.

#7 notorious66

notorious66
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 22 May 2007 - 10:57 AM

Download 'eScan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close any open programs.
Double click on the mwav icon on your desktop.
The program will start and the Licence Agreement will pop up.
Select 'I accept the agreement', then press OK.
The program will open; leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your PC.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

**********************

Download the 'Blacklight Beta graphical user interface version' to your desktop:
https://europe.f-secure.com/blacklight/try.shtml
Accept the agreement, then download the program.
Click on Blacklight Beta on your desktop, accept that agreement, then hit Scan.
You'll see a list of all items found.
Don't choose rename yet!
I want to see the log first; legit items may be present.
There will be a log on your desktop with the name 'fsbl---log'.
Post the contents of that log in your next reply.



OK, so here are the two logs. The first one is the Virus Log Information:

Object "minibug Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "hotbar Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "kazaa Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "instafinder Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "p2p networking Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "rxtoolbar Adware" found in File System! Action Taken: Entries Removed.
Object "spyshield Adware" found in File System! Action Taken: Entries Removed.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "spyshield Adware" found in File System! Action Taken: Entries Removed.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "asktbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "instantaccess Adware" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "kazaa Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "asktbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "savenow Adware" found in File System! Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: Entries Removed.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: Entries Removed.
Entry "HKCR\Shareaza.SkinInfoExtractor.1" refers to invalid object "{0EEDB912-C5FA-486F-8334-57288578C627}". Action Taken: Entries Removed.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\PC-Doctor for Windows\Java\conf\Resources\Fujitsu.ico". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\WINDOWS\system32\mfc71.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\WINDOWS\system32\atl71.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\\Netscape\\Netscape Browser\plugins\NPSWF32.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsi64.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Ahead\NeroDigital\settings.xml". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnap-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\NeroPhotoSnap_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnap-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome_Deu.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome_Fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome_Jpn.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\NeroRecode_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\NeroShowTime_Fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\Skins\standard.bmp". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\OFFICE\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Incoming\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\MSN Toolbar Suite\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\MSN Toolbar Suite\AU\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ac2". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bik". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GR2". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgs". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "045C89A0-CA37-443C-8826-F750227DE69C". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "05E21449-3BA3-42BF-BBDA-95205F4EA40A". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "29FF6D07-4A15-41F1-9D5E-E0F3A58012C6". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "3330A279-CC39-4A17-AE19-DA464B26AD9A". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "657A0149-EEC7-4FB2-AB4F-CB7AA027748E". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "66195170-D19D-46C5-8FB7-8A4630071ADC". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "75528D5F-DD82-402E-BA7C-045B7DC6A712". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "C43D84CD-EBFC-48D3-A330-7868C8AD415A". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CCCDE323-C76D-44DA-BB5B-B8ABE767756E". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "D06AB82F-D68E-405A-9886-AB8804291B6D". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DE87FA96-7840-420C-86F9-33F3B7B3CED1". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "F05A08BF-E600-4FBD-A53A-3D47296B1275". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FA7F5211-C629-4711-BD82-7DFFB08CB518". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "GameChannel". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Help and Support Additions". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.1)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSN Toolbar". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "New.net". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WebBuying". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D2D18F-B421-4D45-9668-3BC302A91ACD}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{02BE569D-7BBD-4451-A955-C0CDFB0695F1}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{114FDC2A-BCB3-4A47-B18D-1D0AFC9D020C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{191BB17D-7BB4-43E9-8C98-7A981EF8AA43}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1B778141-BB7A-4F1A-A02D-5A2BC640585E}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2AFBAC85-8F32-4EDB-AF56-D68239DAFF7D}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{38C76428-6C9C-4CC6-B747-3AB6A4770225}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3A494A73-0731-48A6-B705-3965382F86D6}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3C3FAC2D-837C-4C19-A90B-60C826B15A1A}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4031623D-AC43-4B41-A0DF-584797918684}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{48FFD824-B28F-46C6-A3D4-7560BEF48550}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{52F34B4D-32E3-4065-9869-74F96B1AFA23}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5482BBD9-1042-4385-8662-74AF4616856C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{59BCEEEC-3C0F-4A02-80FC-0B8A6E26B31F}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{691E8ABA-4D04-4389-8738-692BF5E426C5}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6A39CB92-E333-41D5-872F-BAD00FB42013}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6EE34979-0355-44EB-8761-21D32B1CE4AB}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{712C2C55-46DC-497E-9AE6-17DF4D5491EB}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{75742F57-31BA-4E64-8A86-48CDDB6DFE4F}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7884F09C-F871-4489-9CD2-24CF2954A095}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{81CFF79E-04E6-41BC-B4FA-D2FF4DE58A15}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{871AEDDF-9E12-41A9-91A3-E5AB678A81D7}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300311}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300324}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9F931B29-A990-47A8-AC1C-C3AA70A5BB5F}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B005394D-5A4D-6AE4-CB08-F59CDC9A255C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B802CFA4-B4C8-4959-84D0-5FE9BA57DAED}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BBE92E80-4331-4DD8-A05C-8856B50B4AA8}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C11E39B9-B92F-4D47-9073-365022954233}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D08B83BB-C13A-40A8-9BBC-6C581AFCAB2C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DC69D2DF-E5EA-40CA-A67B-CF8277F79E02}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DD0CF6CB-ADBC-4062-B30C-D53B21A83AFB}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0797160-7E41-4CF2-A47B-497F5DFFC187}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0EDE60D-BD69-4351-81BA-706E51179F7E}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F1157D84-37DD-4A28-8285-E2505154A960}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F97B3261-9C8D-416C-8E91-60C2AA70D9E0}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FBE8A0BB-9785-4269-89BA-E407E888F96B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FFB59000-EB47-45BC-842A-EFFBDA635C94}". Action Taken: Entries Removed.


This is the fsbl log:

05/22/07 11:41:58 [Info]: BlackLight Engine 1.0.61 initialized
05/22/07 11:41:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/22/07 11:41:58 [Note]: 7019 4
05/22/07 11:41:58 [Note]: 7005 0
05/22/07 11:41:58 [Note]: 7006 0
05/22/07 11:41:58 [Note]: 7011 1380
05/22/07 11:41:59 [Note]: 7026 0
05/22/07 11:41:59 [Note]: 7026 0
05/22/07 11:42:02 [Note]: FSRAW library version 1.7.1021
05/22/07 11:49:14 [Note]: 7007 0

Thanks again for helping me.

#8 notorious66

notorious66
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:52 AM

Posted 22 May 2007 - 11:02 AM

Download 'eScan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close any open programs.
Double click on the mwav icon on your desktop.
The program will start and the Licence Agreement will pop up.
Select 'I accept the agreement', then press OK.
The program will open; leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your PC.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

**********************

Download the 'Blacklight Beta graphical user interface version' to your desktop:
https://europe.f-secure.com/blacklight/try.shtml
Accept the agreement, then download the program.
Click on Blacklight Beta on your desktop, accept that agreement, then hit Scan.
You'll see a list of all items found.
Don't choose rename yet!
I want to see the log first; legit items may be present.
There will be a log on your desktop with the name 'fsbl---log'.
Post the contents of that log in your next reply.



OK, so here are the two logs. The first one is the Virus Log Information:

Object "minibug Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "hotbar Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "nn_bar Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "kazaa Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "instafinder Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "p2p networking Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "rxtoolbar Adware" found in File System! Action Taken: Entries Removed.
Object "spyshield Adware" found in File System! Action Taken: Entries Removed.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "spyshield Adware" found in File System! Action Taken: Entries Removed.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "asktbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "instantaccess Adware" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "kazaa Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: Entries Removed.
Object "asktbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "need2findbar Toolbar" found in File System! Action Taken: Entries Removed.
Object "savenow Adware" found in File System! Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: Entries Removed.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: Entries Removed.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.
Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: Entries Removed.
Entry "HKCR\Shareaza.SkinInfoExtractor.1" refers to invalid object "{0EEDB912-C5FA-486F-8334-57288578C627}". Action Taken: Entries Removed.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\PC-Doctor for Windows\Java\conf\Resources\Fujitsu.ico". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\WINDOWS\system32\mfc71.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\WINDOWS\system32\atl71.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\\Netscape\\Netscape Browser\plugins\NPSWF32.dll". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsi64.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Documents and Settings\All Users\Application Data\Ahead\NeroDigital\settings.xml". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnap-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\NeroPhotoSnap_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnap-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome_Deu.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome_Fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome_Jpn.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\NeroRecode_fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Deu.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\NeroShowTime_Fra.chm". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\ShowTime-Jpn.nls". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero ShowTime\Skins\standard.bmp". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\OFFICE\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Portal\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "c:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\Incoming\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\MSN Toolbar Suite\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\MSN Toolbar Suite\AU\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ac2". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bik". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".GR2". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rgs". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "045C89A0-CA37-443C-8826-F750227DE69C". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "05E21449-3BA3-42BF-BBDA-95205F4EA40A". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "29FF6D07-4A15-41F1-9D5E-E0F3A58012C6". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "3330A279-CC39-4A17-AE19-DA464B26AD9A". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "657A0149-EEC7-4FB2-AB4F-CB7AA027748E". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "66195170-D19D-46C5-8FB7-8A4630071ADC". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "75528D5F-DD82-402E-BA7C-045B7DC6A712". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "C43D84CD-EBFC-48D3-A330-7868C8AD415A". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "CCCDE323-C76D-44DA-BB5B-B8ABE767756E". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "D06AB82F-D68E-405A-9886-AB8804291B6D". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DE87FA96-7840-420C-86F9-33F3B7B3CED1". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "F05A08BF-E600-4FBD-A53A-3D47296B1275". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FA7F5211-C629-4711-BD82-7DFFB08CB518". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "GameChannel". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Help and Support Additions". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.5.0.1)". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSN Toolbar". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "New.net". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WebBuying". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D2D18F-B421-4D45-9668-3BC302A91ACD}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{02BE569D-7BBD-4451-A955-C0CDFB0695F1}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{114FDC2A-BCB3-4A47-B18D-1D0AFC9D020C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{191BB17D-7BB4-43E9-8C98-7A981EF8AA43}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1B778141-BB7A-4F1A-A02D-5A2BC640585E}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2AFBAC85-8F32-4EDB-AF56-D68239DAFF7D}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{38C76428-6C9C-4CC6-B747-3AB6A4770225}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3A494A73-0731-48A6-B705-3965382F86D6}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3C3FAC2D-837C-4C19-A90B-60C826B15A1A}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4031623D-AC43-4B41-A0DF-584797918684}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{48FFD824-B28F-46C6-A3D4-7560BEF48550}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{52F34B4D-32E3-4065-9869-74F96B1AFA23}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5482BBD9-1042-4385-8662-74AF4616856C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{59BCEEEC-3C0F-4A02-80FC-0B8A6E26B31F}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{691E8ABA-4D04-4389-8738-692BF5E426C5}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6A39CB92-E333-41D5-872F-BAD00FB42013}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6EE34979-0355-44EB-8761-21D32B1CE4AB}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{712C2C55-46DC-497E-9AE6-17DF4D5491EB}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{75742F57-31BA-4E64-8A86-48CDDB6DFE4F}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{7884F09C-F871-4489-9CD2-24CF2954A095}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{81CFF79E-04E6-41BC-B4FA-D2FF4DE58A15}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{871AEDDF-9E12-41A9-91A3-E5AB678A81D7}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300311}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{89A344E4-A54B-4C5E-97BD-040B4B300324}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9F931B29-A990-47A8-AC1C-C3AA70A5BB5F}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B005394D-5A4D-6AE4-CB08-F59CDC9A255C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B802CFA4-B4C8-4959-84D0-5FE9BA57DAED}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{BBE92E80-4331-4DD8-A05C-8856B50B4AA8}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C11E39B9-B92F-4D47-9073-365022954233}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D08B83BB-C13A-40A8-9BBC-6C581AFCAB2C}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DC69D2DF-E5EA-40CA-A67B-CF8277F79E02}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DD0CF6CB-ADBC-4062-B30C-D53B21A83AFB}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0797160-7E41-4CF2-A47B-497F5DFFC187}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0EDE60D-BD69-4351-81BA-706E51179F7E}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F1157D84-37DD-4A28-8285-E2505154A960}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F97B3261-9C8D-416C-8E91-60C2AA70D9E0}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FBE8A0BB-9785-4269-89BA-E407E888F96B}". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FFB59000-EB47-45BC-842A-EFFBDA635C94}". Action Taken: Entries Removed.


This is the fsbl log:

05/22/07 11:41:58 [Info]: BlackLight Engine 1.0.61 initialized
05/22/07 11:41:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/22/07 11:41:58 [Note]: 7019 4
05/22/07 11:41:58 [Note]: 7005 0
05/22/07 11:41:58 [Note]: 7006 0
05/22/07 11:41:58 [Note]: 7011 1380
05/22/07 11:41:59 [Note]: 7026 0
05/22/07 11:41:59 [Note]: 7026 0
05/22/07 11:42:02 [Note]: FSRAW library version 1.7.1021
05/22/07 11:49:14 [Note]: 7007 0

Thanks again for helping me.

#9 RichieUK
  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 22 May 2007 - 11:02 AM

Download/install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'OK', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

Post a new HijackThis log please.
Let me know how your pc is running now.

#10 notorious66
  • Topic Starter
  • Members
  • 28 posts

Posted 22 May 2007 - 11:25 AM

> Download/install CleanUp.
> Launch CleanUp, then click on 'Options'.
> Now move the slider on the left up to 'Standard Cleanup!'.
> Click 'OK', now run the program by clicking on the 'Cleanup' button.
> Reboot, or log off/log on when it's finished.
>
> Post a new HijackThis log please.
> Let me know how your pc is running now.



Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 12:19, on 2007-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?0cd794c322a0459f819618c664fae0f2
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?0cd794c322a0459f819618c664fae0f2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://xxjustforuxx.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160620738109
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


It is still slow to boot up, but there are no more pop-ups.

#11 RichieUK
  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 22 May 2007 - 11:38 AM

Try downloading/installing and defragmenting your drive with the free trial version of PerfectDisk 8:
http://www.raxco.com/products/downloadit/

*******************

If, after doing the above, the startup is still slow, Norton Internet Security may well be the culprit.

#12 notorious66
  • Topic Starter
  • Members
  • 28 posts

Posted 22 May 2007 - 01:09 PM

> Try downloading/installing and defragmenting your drive with the free trial version of PerfectDisk 8:
> http://www.raxco.com/products/downloadit/
>
> *******************
>
> If, after doing the above, the startup is still slow, Norton Internet Security may well be the culprit.




Hi

So it seems to be working, but it is still slow, about 2 or 3 minutes. After I did the defrag, same thing. Thanks for your help.

#13 RichieUK
  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 22 May 2007 - 01:29 PM

Your log is clean :thumbsup:
If all's OK, please do the following:

Find and delete:
C:\VundoFix Backups
C:\QooBox
VundoFix
ComboFix
eScan MWAV
BlackLight Beta


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom, in the 'System Restore' section, click on the 'Clean up...' button.
A box will pop up: 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here,to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

I suggest you now start a new topic here regarding your slow startup problem.
Give as much detail as possible and state in your topic that you're malware free and your system is clean.
Windows XP Home and Professional:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/
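
As an added example, not a tool posted in this thread and not HijackThis's own code, the Python below does programmatically the triage the thread does by hand on the HijackThis log in post #10 and in the Java note in post #13: it parses lines in HijackThis 1.99.1 format into their numbered sections, flags O4 registry autoruns that run from temp or profile directories, borrow a core system binary's name outside System32, or carry no path at all, and pulls Java runtime versions out of install paths to compare them against JRE 6 Update 1, the release RichieUK's post recommends. The sample log, the [svchost] autorun, the example.invalid O16 entry and the review heuristics are constructed for this example and are not from the thread.

```python
"""Triage helpers for a HijackThis 1.99.1 log: group entries by section,
flag O4 autoruns worth a second look, and spot outdated Java runtimes."""
import re
from collections import defaultdict

# Constructed sample in HijackThis format. Most paths mirror the thread's log;
# the [svchost] autorun and the example.invalid O16 entry are hypothetical.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Class) - http://downloads.example.invalid/ctl.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Registry Run entries only ("HKLM\..\Run: [name] command"); Startup-folder
# O4 lines have a different shape and are skipped.
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Shortest prefix ending in an executable extension: keeps unquoted paths
# that contain spaces and drops trailing switches.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.IGNORECASE)
# Sun's 1.x numbering as it appears in install paths: jre1.5.0_05 -> (5, 5).
JRE_RE = re.compile(r"jre1\.(\d+)\.\d+_(\d+)", re.IGNORECASE)

USER_WRITABLE = ("\\temp\\", "\\application data\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "smss.exe", "services.exe"}


def parse_hjt(text):
    """Group entry bodies by HijackThis section code (R0, O2, O4, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def autorun_command(entry):
    """Return (value name, executable) for an O4 Run entry, or None."""
    m = O4_RE.match(entry)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe_match = EXE_RE.match(cmd)
        exe = exe_match.group(1) if exe_match else cmd
    return m.group("name"), exe


def flag_autoruns(o4_entries):
    """Return [(name, executable, reasons)] for autoruns worth manual review.
    These are prompts, not verdicts: vendors do ship odd-looking entries."""
    flagged = []
    for entry in o4_entries:
        parsed = autorun_command(entry)
        if parsed is None:
            continue
        name, exe = parsed
        low = exe.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if base in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
            reasons.append("core system binary name outside System32")
        if "\\" not in low:
            reasons.append("no path: resolved through the search order at logon")
        if reasons:
            flagged.append((name, exe, "; ".join(reasons)))
    return flagged


def java_runtimes(text):
    """Distinct (major, update) JRE versions seen in paths anywhere in the log."""
    return sorted({(int(major), int(update)) for major, update in JRE_RE.findall(text)})


def outdated_java(text, current=(6, 1)):
    """JREs older than `current` (default JRE 6 Update 1, the release the
    thread recommends). Several JREs often coexist; every older one should go."""
    return [v for v in java_runtimes(text) if v < current]


if __name__ == "__main__":
    sections = parse_hjt(SAMPLE_LOG)
    for code, entries in sorted(sections.items()):
        print(f"{code}: {len(entries)} entries")
    for name, exe, why in flag_autoruns(sections.get("O4", [])):
        print(f"review O4 [{name}] {exe}: {why}")
    for major, update in outdated_java(SAMPLE_LOG):
        print(f"JRE {major} Update {update} is outdated: remove it, then install the current release")
```

The flags are prompts for a human, not verdicts. An unquoted Rundll32.exe entry like the SiSPower one in the log is ordinary vendor practice, but it is exactly the shape a search-order hijack would take, so it is worth confirming which binary actually runs; the constructed svchost.exe in a Temp folder, by contrast, would be a strong lead. The Java check deliberately reports every older runtime rather than just the newest, because a stale JRE left installed beside a current one is still reachable by a browser plugin.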



