
Solved attention user!

Discussion in 'Malware and Virus Removal Archive' started by bluesblues, 2008/07/03.

  1. 2008/07/03
    bluesblues

    bluesblues Inactive Thread Starter

    [Resolved] attention user!

    OK... I've read a lot about this problem... it's the "attention user, some dangerous viruses detected in your computer. Microsoft XP files corrupted... etc." one... Following everybody's steps, I've downloaded antimalware software... and then DSS and HijackThis... all of them did scans... everything seems to be in order so far; the problem seems to be fixed. I would like to send some logs to anybody just to make sure. Can anyone help?
     
  2. 2008/07/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi bluesblues
    Welcome to WindowsBBS. :)

    Please post a new dss log into this thread.

    Thanks
    Geri
     

  4. 2008/07/05
    bluesblues

    bluesblues Inactive Thread Starter

    main dss txt

    Deckard's System Scanner v20071014.68
    Run by kazekage on 2008-07-05 15:15:16
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as kazekage.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:15:20, on 5.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\kazekage\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\kazekage.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070708 serial=dr12wex-1504397-kty lang=EN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    --
    End of file - 10716 bytes

    -- Files created between 2008-06-05 and 2008-07-05 -----------------------------

    2008-07-03 10:28:44 0 d-------- C:\Program Files\Trend Micro
    2008-07-03 09:55:11 0 d-------- C:\Documents and Settings\kazekage\Application Data\Malwarebytes
    2008-07-03 09:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-03 09:55:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 22:55:18 0 d-------- C:\Program Files\Hewlett-Packard
    2008-06-19 22:55:17 0 d--h----- C:\Program Files\Zenographics
    2008-06-07 12:14:29 0 d-------- C:\Documents and Settings\kazekage\Application Data\Hamachi
    2008-06-07 12:14:10 0 d-------- C:\Program Files\Hamachi


    -- Find3M Report ---------------------------------------------------------------

    2008-07-03 12:40:52 0 d-------- C:\Documents and Settings\kazekage\Application Data\Yahoo!
    2008-07-03 08:48:35 0 d-------- C:\Program Files\Corel
    2008-07-03 08:48:35 0 d-------- C:\Documents and Settings\kazekage\Application Data\Corel
    2008-07-03 08:47:24 0 d-------- C:\Program Files\Common Files
    2008-06-29 13:16:13 0 d-------- C:\Documents and Settings\kazekage\Application Data\uTorrent
    2008-06-28 11:03:01 0 d-------- C:\Program Files\GCH Guitar academy
    2008-06-15 10:59:53 0 d-------- C:\Documents and Settings\kazekage\Application Data\Adobe
    2008-06-12 20:36:19 4096 --a------ C:\WINDOWS\system32\crash
    2008-06-12 20:30:32 0 d-------- C:\Program Files\LimeWire
    2008-05-28 20:02:25 0 d-------- C:\Documents and Settings\kazekage\Application Data\Apple Computer
    2008-05-28 20:02:20 0 d-------- C:\Program Files\iTunes
    2008-05-28 20:02:07 0 d-------- C:\Program Files\iPod
    2008-05-28 20:01:52 0 d-------- C:\Program Files\Bonjour
    2008-05-28 20:01:38 0 d-------- C:\Program Files\QuickTime
    2008-05-28 20:00:58 0 d-------- C:\Program Files\Apple Software Update
    2008-05-28 20:00:37 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-24 12:23:23 0 d-------- C:\Program Files\Windows Live
    2008-05-24 12:22:59 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-24 12:08:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-14 09:18:04 0 d-------- C:\Program Files\CYCAS3
    2008-05-14 08:34:30 0 d-------- C:\Program Files\JavaView
    2008-05-08 10:03:58 0 d-------- C:\Program Files\Common Files\Corel
    2008-05-06 19:51:38 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-05 18:15:35 0 d-------- C:\Documents and Settings\kazekage\Application Data\vlc
    2008-05-05 16:27:38 0 d-------- C:\Program Files\VideoLAN


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 01:19]
    "RTHDCPL"="RTHDCPL.EXE" [05.07.2007 17:08 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [03.05.2005 19:43 C:\WINDOWS\Alcmtr.exe]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 13:35]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
    "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04.04.2005 19:58]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 03:12]
    "@"="" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [14.03.2008 22:33]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [25.11.2003 13:39]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28.03.2008 23:37]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 02:56]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:35]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [28.10.2005 17:25]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [16.08.2007 13:24]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30.08.2007 18:43]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [6.11.2007 13:37:04]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [4.11.2007 15:18:46]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 2:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe,userinit.exe,"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12db45ae-8b78-11dc-8922-0016e6d7f53b}]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185c60b4-e624-11dc-89b4-0016e6d7f53b}]
    auto\command- Knight.exe open
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
    explore\command- Knight.exe open
    find\command- Knight.exe open
    install\command- Knight.exe open
    open\command- Knight.exe open

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b5aa893-d63d-11dc-89a3-0016e6d7f53b}]
    Auto\command- F:\UFO.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf6f4b6f-fd95-11dc-89da-0016e6d7f53b}]
    AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
    open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe




    -- End of Deckard's System Scanner: finished at 2008-07-05 15:15:52 ------------
     
  5. 2008/07/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi bluesblues

    Open "Notepad" and copy the contents of the code box below into the blank Notepad window.
    Click "File" > "Save As".
    In the "Save In" box at the top, click the down arrow and select Desktop.

    In the "File name" box type: fix.reg
    In the "Save As Type" box select: All Files
    Once saved, go to your desktop, double-click the fix.reg file and let it merge with the registry.

    Code:
    REGEDIT4
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12db45ae-8b78-11dc-8922-0016e6d7f53b}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185c60b4-e624-11dc-89b4-0016e6d7f53b}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b5aa893-d63d-11dc-89a3-0016e6d7f53b}]
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf6f4b6f-fd95-11dc-89da-0016e6d7f53b}]

    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    If you have any Flash drives (USB thumb drives) plug them in before doing this.

    • Double-click Flash_Disinfector.exe to run it.
      Follow any prompts that may appear.
      Your desktop will vanish for a while, and then reappear. This is normal.
      Wait until the program has finished scanning, then please exit the program.

    Empty this folder:

    C:\WINDOWS\temp

    Now run dss again and post the log.

    Thanks
    Geri
     
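The four keys Geri deletes above live under HKCU\...\Explorer\MountPoints2, where Explorer caches the shell verbs (open, explore, AutoRun and so on) it read from the autorun.inf of every removable volume that was ever plugged in. A clean volume key carries no \command values at all, so any key that still has one is worth a look, and the ones in this log point at a relative executable on the drive root (Knight.exe, AdobeR.exe), a RunDLL32 ShellExec_RunDLL launcher, or an .exe tucked under RECYCLER. The script below is an added example, not code from this thread, from DSS, HijackThis or Flash_Disinfector: it parses the MountPoints2 part of a DSS registry dump (the "Name- data" line layout is reconstructed from the log above), flags every key that still carries a cached verb, attaches a few heuristic reasons (my assumptions, not rules from any of those tools), and writes out a REGEDIT4 file in the same form as the fix.reg in Geri's post. The sample dump is constructed from the thread's four entries plus one made-up benign key.

```python
"""Triage cached autorun verbs under HKCU\\...\\Explorer\\MountPoints2 from a
Deckard's System Scanner (DSS) registry dump and emit a REGEDIT4 fix file.

Added example; not code from the WindowsBBS thread, DSS, HijackThis or
Flash_Disinfector. The dump layout is reconstructed from the thread's log and
the reasons in classify() are my own heuristics (assumption).
"""
import re
from typing import Dict, List

# Constructed sample: the four keys from the thread's log plus one made-up,
# benign volume key ({aaaaaaaa-...}) that carries no cached shell verb.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12db45ae-8b78-11dc-8922-0016e6d7f53b}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185c60b4-e624-11dc-89b4-0016e6d7f53b}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b5aa893-d63d-11dc-89a3-0016e6d7f53b}]
Auto\command- F:\UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf6f4b6f-fd95-11dc-89da-0016e6d7f53b}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-0000-0000-0000-000000000000}]
BaseClass- Drive
"""

KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
VALUE_RE = re.compile(r"^(\S+?)- (.*)$")  # DSS prints values as "Name- data"


def parse_mountpoints(dump: str) -> Dict[str, Dict[str, str]]:
    """Return {volume key path: {value name: data}} for every MountPoints2 key."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):                  # any registry key header
            m = KEY_RE.match(line)
            current = m.group(1) if m else None   # ignore keys outside MountPoints2
            if current:
                entries[current] = {}
            continue
        m = VALUE_RE.match(line)
        if current and m:
            entries[current][m.group(1)] = m.group(2).strip()
    return entries


def classify(command: str) -> List[str]:
    """Heuristic reasons (assumption) why a cached verb looks like autorun malware."""
    reasons: List[str] = []
    lowered = command.lower()
    if "recycler\\" in lowered:
        reasons.append("executable hidden under RECYCLER")
    if "shellexec_rundll" in lowered:
        reasons.append("launched through RunDLL32 ShellExec_RunDLL")
    first = command.split(None, 1)[0] if command.split() else ""
    if first.lower().endswith(".exe") and "\\" not in first and ":" not in first:
        reasons.append("relative .exe resolved from the volume root")
    return reasons


def triage(entries: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Flag every volume key that still carries a <verb>\\command value.

    Those values are autorun.inf actions Explorer remembered from a volume
    that was plugged in; a clean key has none, so any key with one is listed.
    """
    findings: Dict[str, List[str]] = {}
    for key, values in entries.items():
        commands = {n: v for n, v in values.items() if n.lower().endswith("\\command")}
        if not commands:
            continue
        reasons = {"cached autorun.inf verb(s): " + ", ".join(sorted(commands))}
        for cmd in commands.values():
            reasons.update(classify(cmd))
        findings[key] = sorted(reasons)
    return findings


def build_fix_reg(keys) -> str:
    """REGEDIT4 text that deletes each key ([-key] means delete), CRLF line ends."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines += [f"[-{key}]", ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    found = triage(parse_mountpoints(SAMPLE_DUMP))
    for key, reasons in found.items():
        print(key.rsplit("\\", 1)[1])
        for reason in reasons:
            print("   -", reason)
    print(build_fix_reg(sorted(found)))
```

Feed it the whole DSS log and it only looks at MountPoints2 keys; the generated text can be saved as fix.reg exactly as described in the post. Deleting these keys only clears what Explorer cached; the executables they point to sit on the removable media that was plugged in, which is why the post pairs the .reg with a Flash_Disinfector run over every USB stick.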
  6. 2008/07/08
    bluesblues

    bluesblues Inactive Thread Starter

    ummm...

    I did everything you've said... except the part about emptying the C:\WINDOWS\temp folder, because there's a "perflib perfdata" file and something is using it, so it cannot be deleted... I've tried stopping a couple of applications, but I still cannot delete it... so I've searched for something about that file, and what I've found is interesting, yet not useful... soooo, can I bother you just a little bit to come up with a solution?
     
  7. 2008/07/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi bluesblues
    OK, that's not a problem. Those get created daily and are not a problem.

    Please post the new dss log.

    Thanks
    Geri
     
  8. 2008/07/09
    bluesblues

    bluesblues Inactive Thread Starter

    thanks...

    Deckard's System Scanner v20071014.68
    Run by kazekage on 2008-07-03 10:33:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    49: 2008-07-03 08:33:41 UTC - RP254 - Deckard's System Scanner Restore Point
    48: 2008-07-03 06:51:05 UTC - RP253 - Usunieto CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension.
    47: 2008-07-02 09:32:18 UTC - RP252 - System Checkpoint
    46: 2008-06-30 18:33:19 UTC - RP251 - System Checkpoint
    45: 2008-06-29 09:09:20 UTC - RP250 - System Checkpoint


    -- First Restore Point --
    1: 2008-05-09 09:37:37 UTC - RP206 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as kazekage.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:37, on 3.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\kazekage\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\kazekage.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=070708 serial=dr12wex-1504397-kty lang=EN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    --
    End of file - 10520 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
    S3 gdrv - c:\windows\gdrv.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 mi-raysat_3dsmax8 (RaySat_3dsmax8 Server) - "c:\program files\autodesk\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe "

    S3 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi


    -- Files created between 2008-06-03 and 2008-07-03 -----------------------------

    2008-07-03 10:28:44 0 d-------- C:\Program Files\Trend Micro
    2008-07-03 09:55:11 0 d-------- C:\Documents and Settings\kazekage\Application Data\Malwarebytes
    2008-07-03 09:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-03 09:55:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 22:55:18 0 d-------- C:\Program Files\Hewlett-Packard
    2008-06-19 22:55:17 0 d--h----- C:\Program Files\Zenographics
    2008-06-07 12:14:29 0 d-------- C:\Documents and Settings\kazekage\Application Data\Hamachi
    2008-06-07 12:14:10 0 d-------- C:\Program Files\Hamachi


    -- Find3M Report ---------------------------------------------------------------

    2008-07-03 08:48:35 0 d-------- C:\Program Files\Corel
    2008-07-03 08:48:35 0 d-------- C:\Documents and Settings\kazekage\Application Data\Corel
    2008-07-03 08:47:24 0 d-------- C:\Program Files\Common Files
    2008-06-29 13:16:13 0 d-------- C:\Documents and Settings\kazekage\Application Data\uTorrent
    2008-06-28 11:03:01 0 d-------- C:\Program Files\GCH Guitar academy
    2008-06-15 10:59:53 0 d-------- C:\Documents and Settings\kazekage\Application Data\Adobe
    2008-06-12 20:36:19 4096 --a------ C:\WINDOWS\system32\crash
    2008-06-12 20:30:32 0 d-------- C:\Program Files\LimeWire
    2008-05-28 20:02:25 0 d-------- C:\Documents and Settings\kazekage\Application Data\Apple Computer
    2008-05-28 20:02:20 0 d-------- C:\Program Files\iTunes
    2008-05-28 20:02:07 0 d-------- C:\Program Files\iPod
    2008-05-28 20:01:52 0 d-------- C:\Program Files\Bonjour
    2008-05-28 20:01:38 0 d-------- C:\Program Files\QuickTime
    2008-05-28 20:00:58 0 d-------- C:\Program Files\Apple Software Update
    2008-05-28 20:00:37 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-24 12:23:23 0 d-------- C:\Program Files\Windows Live
    2008-05-24 12:22:59 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-24 12:08:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-14 09:18:04 0 d-------- C:\Program Files\CYCAS3
    2008-05-14 08:34:30 0 d-------- C:\Program Files\JavaView
    2008-05-08 10:03:58 0 d-------- C:\Program Files\Common Files\Corel
    2008-05-06 19:51:38 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-05 18:15:35 0 d-------- C:\Documents and Settings\kazekage\Application Data\vlc
    2008-05-05 16:27:38 0 d-------- C:\Program Files\VideoLAN


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 01:19]
    "RTHDCPL "= "RTHDCPL.EXE" [05.07.2007 17:08 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr "= "ALCMTR.EXE" [03.05.2005 19:43 C:\WINDOWS\Alcmtr.exe]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 13:35]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
    "Adobe Version Cue CS2 "= "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04.04.2005 19:58]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 03:12]
    "@ "=" " []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [14.03.2008 22:33]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
    "CorelDRAW Graphics Suite 11b "= "C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [25.11.2003 13:39]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [28.03.2008 23:37]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 02:56]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:35]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [28.10.2005 17:25]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [16.08.2007 13:24]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30.08.2007 18:43]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [6.11.2007 13:37:04]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [4.11.2007 15:18:46]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 2:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit "= "C:\WINDOWS\system32\userinit.exe,userinit.exe, "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12db45ae-8b78-11dc-8922-0016e6d7f53b}]
    Auto\command- AdobeR.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185c60b4-e624-11dc-89b4-0016e6d7f53b}]
    auto\command- Knight.exe open
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
    explore\command- Knight.exe open
    find\command- Knight.exe open
    install\command- Knight.exe open
    open\command- Knight.exe open

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b5aa893-d63d-11dc-89a3-0016e6d7f53b}]
    Auto\command- F:\UFO.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf6f4b6f-fd95-11dc-89da-0016e6d7f53b}]
    AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
    open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 localhost
    127.0.0.1 www.symantec.com
    127.0.0.1 securityresponse.symantec.com
    127.0.0.1 downloads1.kaspersky-labs.com
    127.0.0.1 downloads2.kaspersky-labs.com
    127.0.0.1 downloads3.kaspersky-labs.com
    127.0.0.1 downloads4.kaspersky-labs.com
    127.0.0.1 downloads5.kaspersky-labs.com
    127.0.0.1 www.kaspersky-labs.com
    127.0.0.1 symantec.com

    363 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-03 10:37:09 ------------
     
  9. 2008/07/09
    bluesblues

    bluesblues Inactive Thread Starter

    Joined:
    2008/07/03
    Messages:
    16
    Likes Received:
    0
    mistake

    sorry.... I've sent you the wrong log file... here's the real one (after using the "fix.reg" file....)




    Deckard's System Scanner v20071014.68
    Run by kazekage on 2008-07-09 11:00:27
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as kazekage.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:30, on 9.7.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\kazekage\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\kazekage.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title= "CorelDRAW Graphics Suite 12" /date=072308 serial=dr12wex-1504397-kty lang=EN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe

    --
    End of file - 10669 bytes

    -- Files created between 2008-06-09 and 2008-07-09 -----------------------------

    2008-07-08 16:44:19 0 drahs---- C:\autorun.inf
    2008-07-06 14:46:30 0 d-------- C:\Program Files\Rockstar Games
    2008-07-05 18:10:42 98304 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
    2008-07-05 18:06:08 0 d-------- C:\Program Files\ART Inc
    2008-07-03 10:28:44 0 d-------- C:\Program Files\Trend Micro
    2008-07-03 09:55:11 0 d-------- C:\Documents and Settings\kazekage\Application Data\Malwarebytes
    2008-07-03 09:55:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-03 09:55:07 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 22:55:18 0 d-------- C:\Program Files\Hewlett-Packard
    2008-06-19 22:55:17 0 d--h----- C:\Program Files\Zenographics


    -- Find3M Report ---------------------------------------------------------------

    2008-07-09 01:16:45 0 d-------- C:\Documents and Settings\kazekage\Application Data\uTorrent
    2008-07-06 14:46:30 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-03 12:40:52 0 d-------- C:\Documents and Settings\kazekage\Application Data\Yahoo!
    2008-07-03 08:48:35 0 d-------- C:\Program Files\Corel
    2008-07-03 08:48:35 0 d-------- C:\Documents and Settings\kazekage\Application Data\Corel
    2008-07-03 08:47:24 0 d-------- C:\Program Files\Common Files
    2008-06-28 11:03:01 0 d-------- C:\Program Files\GCH Guitar academy
    2008-06-15 10:59:53 0 d-------- C:\Documents and Settings\kazekage\Application Data\Adobe
    2008-06-12 20:36:19 4096 --a------ C:\WINDOWS\system32\crash
    2008-06-12 20:30:32 0 d-------- C:\Program Files\LimeWire
    2008-06-07 12:24:08 0 d-------- C:\Documents and Settings\kazekage\Application Data\Hamachi
    2008-06-07 12:14:29 0 d-------- C:\Program Files\Hamachi
    2008-05-28 20:02:25 0 d-------- C:\Documents and Settings\kazekage\Application Data\Apple Computer
    2008-05-28 20:02:20 0 d-------- C:\Program Files\iTunes
    2008-05-28 20:02:07 0 d-------- C:\Program Files\iPod
    2008-05-28 20:01:52 0 d-------- C:\Program Files\Bonjour
    2008-05-28 20:01:38 0 d-------- C:\Program Files\QuickTime
    2008-05-28 20:00:58 0 d-------- C:\Program Files\Apple Software Update
    2008-05-28 20:00:37 0 d-------- C:\Program Files\Common Files\Apple
    2008-05-24 12:23:23 0 d-------- C:\Program Files\Windows Live
    2008-05-24 12:22:59 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-05-24 12:08:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-14 09:18:04 0 d-------- C:\Program Files\CYCAS3
    2008-05-14 08:34:30 0 d-------- C:\Program Files\JavaView


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16.05.2008 01:19]
    "RTHDCPL "= "RTHDCPL.EXE" [05.07.2007 17:08 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr "= "ALCMTR.EXE" [03.05.2005 19:43 C:\WINDOWS\Alcmtr.exe]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10.11.2006 13:35]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
    "Adobe Version Cue CS2 "= "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04.04.2005 19:58]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 03:12]
    "@ "=" " []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 11:50]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [14.03.2008 22:33]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
    "CorelDRAW Graphics Suite 11b "= "C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [25.11.2003 13:39]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [28.03.2008 23:37]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 02:56]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:35]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [28.10.2005 17:25]
    "DAEMON Tools "= "C:\Program Files\DAEMON Tools\daemon.exe" [16.08.2007 13:24]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30.08.2007 18:43]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [6.11.2007 13:37:04]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 20:16:50]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [4.11.2007 15:18:46]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13.2.2001 2:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit "= "C:\WINDOWS\system32\userinit.exe,userinit.exe, "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




    -- End of Deckard's System Scanner: finished at 2008-07-09 11:01:02 ------------
     
  10. 2008/07/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bluesblues
    How are things running?

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now this please.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/07/11
    bluesblues

    bluesblues Inactive Thread Starter

    Joined:
    2008/07/03
    Messages:
    16
    Likes Received:
    0
    Geri

    well... online kaspersky web scan wouldn't work, update, or whatever it was supposed to do, and certainly wouldn't do a scan... I even tried turning my AVAST off for it, but still it wouldn't. It simply prompts me with the "failure" notice... and I don't know why.
    another thing... I have my avast chest full of some infected files from some time ago, and before I did dss and Hjack... what do I do with that?
     
  12. 2008/07/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bluesblues
    Go into that folder and delete everything that Avast removed.

    Run ATF Cleaner.

    Let's try this one, maybe it's a Java problem you're having with Kaspersky.

    Scanning with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Please post the Kaspersky results.
    Geri
     
  13. 2008/07/13
    ultrakiller

    ultrakiller Inactive

    Joined:
    2008/07/13
    Messages:
    1
    Likes Received:
    0
    plz help

    Even I have the same problem.......
    What should I do? I am totally a noob.
    plz help.......

    It's freaking irritating.........

    sob

    plz plz........
     
  14. 2008/07/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ultrakiller

    Welcome to Windowsbbs.
    Please start a topic of your own and do the following.

    Please download and install HijackThis (let it install to the default location) and run a scan, then close HJT, then run Deckard's System Scanner and post the main.txt log
    in the topic that you start, and someone will help you out.
    Links and instructions here.

    Thanks
    Geri
     
  15. 2008/07/14
    bluesblues

    bluesblues Inactive Thread Starter

    Joined:
    2008/07/03
    Messages:
    16
    Likes Received:
    0
    no

    it won't start the scan this way either... here's what it says: Please wait to update the virus definitions...
    Downloading from url: ftp://downloads2.kaspersky-labs.com
    Downloading remote file: master.xml
    Downloading from url: http://downloads4.kaspersky-labs.com
    Downloading remote file: master.xml
    Downloading from url: http://downloads2.kaspersky-labs.com
    Downloading remote file: master.xml
    Downloading from url: http://downloads1.kaspersky-labs.com
    Downloading remote file: master.xml
    Downloading from url: ftp://downloads4.kaspersky-labs.com
    Downloading remote file: master.xml
    Downloading from url: ftp://downloads1.kaspersky-labs.com
    Downloading remote file: master.xml
    Downloading from url: ftp://downloads1.kaspersky-labs.com
    Downloading remote file: master.xml
    Update process FAILED. No further antivirus actions can be performed!

    Attention, you must be online to activate Kaspersky Online Scanner, since the latest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]

    OF COURSE I'm online... how else would I be doing what I have been doing!?
    anyway... if you have any other solution, post it...
    here's a new question for you: why is My Documents folder always opening at the startup of my computer, since the last two months?... when I turn on my computer.... it's like... there... opened and waiting...

    PS: should I try this kaspersky scan with my avast and firewall turned off?
     
  16. 2008/07/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bluesblues

    Open “Notepad” and copy the contents of the code box below into the blank Notepad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select Desktop

    In the “File name” type in: fix.reg
    In the “Save As Type” select: All Files
    Once saved, go to your desktop, double click the “fix.reg” file and let it merge with the registry.

    Code:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    Reboot and see if your documents open at start up.

    Yes try that.

    If it doesn't work then go here and try to run this one.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
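The fix.reg above restores the Winlogon Userinit value to the stock loader path. As an added example (not from this thread, and not part of any tool mentioned in it), here is a small Python check that reads the Userinit data back out of a .reg fragment in that layout and reports any entry other than the stock userinit.exe, since extra entries in this value are loaded at every logon and are a well-known persistence spot. The fix.reg text is embedded as posted; the extra path used in the self-check is a constructed placeholder.

```python
import re
from typing import List, Optional

# Stock Windows XP loader path; a healthy Userinit value is this plus a trailing comma.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon"

# The same fix file as posted in the thread, embedded so the check runs offline.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

# "name"="data" line; both sides may contain \" and \\ escapes.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')


def reg_string_value(reg_text: str, key: str, name: str) -> Optional[str]:
    """Return the REG_SZ data for `name` under `key` in REGEDIT4/5 text, or None.

    .reg files escape backslash as \\\\ and the quote as \\", so the escapes are undone here.
    """
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()  # key names are case-insensitive
            continue
        if current_key != key.lower():
            continue
        m = VALUE_LINE.match(line)
        if m and m.group(1).lower() == name.lower():
            return re.sub(r"\\(.)", r"\1", m.group(2))
    return None


def unexpected_userinit_entries(value: str, default: str = DEFAULT_USERINIT) -> List[str]:
    """Split a Userinit value on commas; return every entry that is not the stock loader.

    The trailing comma of a healthy value yields an empty entry, which is ignored.
    Anything else listed here runs at every logon and should be looked at.
    """
    entries = [e.strip() for e in value.split(",")]
    return [e for e in entries if e and e.lower() != default.lower()]


def userinit_is_stock(value: str) -> bool:
    """True when the value holds nothing but the default loader."""
    return not unexpected_userinit_entries(value)


if __name__ == "__main__":
    posted = reg_string_value(FIX_REG, WINLOGON_KEY, "Userinit")
    print("Userinit from fix.reg:", posted)
    print("stock value:", userinit_is_stock(posted))
    # Constructed placeholder path, to show what a hijacked value would report.
    print("extra entries:", unexpected_userinit_entries(posted + r"C:\EXAMPLE\extra.exe"))
```

On a live XP box the same check would be run against the value read from the registry rather than from the .reg text; the parsing half is here only so the example runs anywhere.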
     
  17. 2008/07/15
    bluesblues

    bluesblues Inactive Thread Starter

    Joined:
    2008/07/03
    Messages:
    16
    Likes Received:
    0
    well...

    ok.. here's my panda scan post...
    sorry if I copied it a little disarranged.... but these results... really?
    Of course, I shall enable my avast now... :D and, I would like to use the opportunity to thank you for spending an amount of time on my computer problems....


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-15 22:07:16
    PROTECTIONS: 1
    MALWARE: 20
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1201 [VPS 080714-0] 4.8.1201 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.casalemedia.com/]
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.casalemedia.com/]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@doubleclick[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.apmebf.com/]
    00366244 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\kazekage\Desktop\Flash_Disinfector.exe[nircmd.exe]
    02137870 Spyware/Virtumonde Spyware No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[crack.exe]
    02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
    02656819 Dialer.KTG Dialers No 0 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[serial.exe]
    02656821 Trj/Downloader.QXC Virus/Trojan No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[keygen.exe]
    02677471 W32/Virutas.AD Virus No 0 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[install.exe]
    02916575 Trj/WoW.HV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP238\A0033750.dll
    02938506 W32/Wow.TW.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP208\A0028955.dll
    02938506 W32/Wow.TW.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP207\A0028899.dll
    02938506 W32/Wow.TW.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP210\A0029046.dll
    02938506 W32/Wow.TW.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP209\A0028993.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP231\A0031204.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP230\A0031171.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP231\A0031223.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP229\A0031123.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP229\A0031105.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP229\A0031086.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP229\A0031061.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP228\A0031046.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP226\A0030829.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP226\A0030953.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP227\A0030978.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP229\A0031135.dll
    03052861 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP227\A0031017.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP253\A0037417.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP238\A0033744.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP238\A0033709.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP237\A0032631.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP237\A0032609.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP236\A0032472.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP236\A0032447.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP235\A0031371.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP232\A0031271.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP233\A0031300.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP233\A0031324.dll
    03065034 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP234\A0031350.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP218\A0030497.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP219\A0030524.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP222\A0030625.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP223\A0030666.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP224\A0030706.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP224\A0030727.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP224\A0030745.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP217\A0030450.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP212\A0030222.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP213\A0030264.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP214\A0030311.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP226\A0030806.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP215\A0030362.dll
    03072968 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP224\A0030760.dll
    03088274 Trj/Agent.IZH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP252\A0036494.exe
    03104775 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP248\A0034278.exe
    03150482 Bck/Agent.JAV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP244\A0034149.exe
    03150482 Bck/Agent.JAV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP243\A0034093.exe
    03150482 Bck/Agent.JAV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP244\A0034136.exe
    03150482 Bck/Agent.JAV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP244\A0034115.exe
    03150482 Bck/Agent.JAV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP252\A0036496.exe
    03161781 Bck/PcClient.HP Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP252\A0036495.exe
    03161781 Bck/PcClient.HP Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP248\A0034294.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    157262 HIGH MS07-022
    133385 MEDIUM MS06-063
    123420 HIGH MS06-035
    ;===================================================================================================================================================================================
     
  18. 2008/07/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bluesblues
    OK that looks good.

    Please do this.

    Delete Flash Disinfector.

    Run ATF Cleaner again, make sure you do the FireFox instructions to delete the cookies saved in FireFox.

    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives. "
    5. Click Apply, and then click OK
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under “Type a description for your restore point…” put a name in the box. Click Create. In the next window click Close.

    Now please run Panda again and post the log.

    Is My Documents still opening at start up?

    Thanks
    Geri
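Geri's reading of the Panda report above comes down to where each hit lives: files under System Volume Information are old restore points (cleared by turning System Restore off and on), cookies.txt entries are tracking cookies (cleared with ATF Cleaner or from Firefox), and nothing is marked Active. As an added example (not from this thread and not a Panda tool), the Python below parses an ActiveScan-style text report into rows, buckets each row by location the same way, lists the drives whose restore points still hold detections, and pulls the missing MS bulletins from the VULNERABILITIES section. The sample report is constructed in the column layout seen in this thread; detection names are the ones posted, while the user name, SID and restore-point GUID are placeholders.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Tuple

# Constructed sample in the ActiveScan text layout seen in this thread.
# Detection names come from the posted reports; the user name, SID and
# restore-point GUID are placeholders, not values from any real machine.
SAMPLE_REPORT = r"""
ANALYSIS: 2008-07-18 15:08:59
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
PROTECTIONS
Description Version Active Updated
;=====
avast! antivirus 4.8.1201 [VPS 080718-0] 4.8.1201 Yes Yes
;=====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP4\A0000073.exe[nircmd.exe]
02137870 Spyware/Virtumonde Spyware No 1 No No D:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP63\A0017540.exe[crack.exe]
02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP63\A0017540.exe
00366244 Application/NirCmd.A HackTools No 0 No No C:\RECYCLER\S-1-5-21-PLACEHOLDER-1003\Dc1.exe[nircmd.exe]
;=====
VULNERABILITIES
Id Severity Description
;=====
184380 MEDIUM MS08-002
182048 HIGH MS07-069
;=====
"""


class Finding(NamedTuple):
    id: str
    description: str
    kind: str
    active: bool
    severity: int
    disinfectable: bool
    disinfected: bool
    location: str


# One MALWARE row: 8-digit id, detection name, type, Active, Severity,
# Disinfectable, Disinfected, then the path (which may contain spaces).
MALWARE_ROW = re.compile(r"^(\d{8}) (\S+) (\S+) (Yes|No) (\d+) (Yes|No) (Yes|No) (.+)$")
# One VULNERABILITIES row: numeric id, severity word, MS bulletin id.
VULN_ROW = re.compile(r"^(\d+) (LOW|MEDIUM|HIGH) (MS\d{2}-\d{3})$")


def parse_findings(report: str) -> List[Finding]:
    """Extract every MALWARE row from an ActiveScan-style text report."""
    findings = []
    for line in report.splitlines():
        m = MALWARE_ROW.match(line.strip())
        if m:
            findings.append(Finding(
                id=m.group(1), description=m.group(2), kind=m.group(3),
                active=m.group(4) == "Yes", severity=int(m.group(5)),
                disinfectable=m.group(6) == "Yes", disinfected=m.group(7) == "Yes",
                location=m.group(8)))
    return findings


def parse_missing_patches(report: str) -> List[Tuple[str, str, str]]:
    """Extract (id, severity, bulletin) rows from the VULNERABILITIES section."""
    rows = (VULN_ROW.match(line.strip()) for line in report.splitlines())
    return [m.groups() for m in rows if m]


def classify_location(location: str) -> str:
    """Bucket a finding by where it lives; the bucket decides the cleanup step."""
    loc = location.lower()
    if "\\system volume information\\_restore" in loc:
        return "restore_point"    # cleared by turning System Restore off and on
    if "\\recycler\\" in loc:
        return "recycle_bin"      # cleared by emptying the Recycle Bin
    if "\\cookies\\" in loc or "cookies.txt" in loc:
        return "tracking_cookie"  # cleared by deleting browser cookies
    return "other"                # needs a closer look


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per location bucket."""
    return Counter(classify_location(f.location) for f in findings)


def restore_point_drives(findings: List[Finding]) -> List[str]:
    """Drive letters whose System Restore store still holds detected files."""
    return sorted({f.location[0].upper() for f in findings
                   if classify_location(f.location) == "restore_point"})


def active_findings(findings: List[Finding]) -> List[Finding]:
    """Rows Panda flagged Active=Yes, i.e. loaded or running at scan time."""
    return [f for f in findings if f.active]


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    print("by location:", dict(summarize(found)))
    print("restore points to clear on drives:", restore_point_drives(found))
    print("active at scan time:", len(active_findings(found)))
    print("missing patches:", parse_missing_patches(SAMPLE_REPORT))
```

Pasting one of the reports from this thread in place of SAMPLE_REPORT gives the same triage Geri did by eye: restore points on C: and D: to clear, cookies to delete, and a list of unpatched bulletins that should be installed once the machine is clean.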
     
  19. 2008/07/17
    bluesblues

    bluesblues Inactive Thread Starter

    Joined:
    2008/07/03
    Messages:
    16
    Likes Received:
    0
    so...

    I did everything you've asked.... deleted the old restore points and created a new one... also, thank you for fixing the registry about "my documents ", it doesn't open at the startup anymore.

    here is PANDA scan report, please take a look at it...

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-17 23:45:01
    PROTECTIONS: 1
    MALWARE: 14
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1201 [VPS 080717-0] 4.8.1201 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.doubleclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.fastclick.net/]
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.tribalfusion.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[ad.yieldmanager.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.apmebf.com/]
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.advertising.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.zedo.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.adrevolver.com/]
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Application Data\Mozilla\Firefox\Profiles\r0o3rs7z.default\cookies.txt[.adrevolver.com/]
    00366244 Application/NirCmd.A HackTools No 0 No No C:\RECYCLER\S-1-5-21-1123561945-1004336348-725345543-1003\Dc1.exe[nircmd.exe]
    02137870 Spyware/Virtumonde Spyware No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[crack.exe]
    02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
    02656819 Dialer.KTG Dialers No 0 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[serial.exe]
    02656821 Trj/Downloader.QXC Virus/Trojan No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[keygen.exe]
    02677471 W32/Virutas.AD Virus No 0 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[install.exe]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    157262 HIGH MS07-022
    133385 MEDIUM MS06-063
    123420 HIGH MS06-035
    ;===================================================================================================================================================================================
     
  20. 2008/07/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi bluesblues
    Ok you need to clear your restore points in your D drive.
    Do the instructions as before only do so on the D drive.

    The others are cookies in Firefox.
    To clear these open Firefox
    Click on Tools > Options > click on the Privacy Tab.
    Click on the Show Cookies button
    Click on Remove All Cookies.

    How are things running?

    Geri
     
  21. 2008/07/18
    bluesblues

    bluesblues Inactive Thread Starter

    Joined:
    2008/07/03
    Messages:
    16
    Likes Received:
    0
    persistent

    Hi Geri... everything is going well, thanks for asking...
    I'm a bit annoyed, though about these persistent little pests that are still on restore points in my D volume....
    I did the procedure of deleting old restore points on D drive. First of all I must ask why is there a separate "turn off restore points" for D volume when it says in the window for C drive for both of them: "turn off restore points on all drives..."?
    anyway, I got into D drive settings and turned off its restore points, restarted my computer and turned them back on. Then created a new restore point. I really thought this would keep viruses from being able to restore.... and they are again on system volume information...

    please take a look at panda scan report and prompt me when you get time.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-07-18 15:08:59
    PROTECTIONS: 1
    MALWARE: 8
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.8.1201 [VPS 080718-0] 4.8.1201 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@doubleclick[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@ad.yieldmanager[2].txt
    00366244 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{58E60C5D-439C-4382-8DC4-EA9F0A575972}\RP4\A0000073.exe[nircmd.exe]
    02137870 Spyware/Virtumonde Spyware No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[crack.exe]
    02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
    02656819 Dialer.KTG Dialers No 0 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[serial.exe]
    02656821 Trj/Downloader.QXC Virus/Trojan No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[keygen.exe]
    02677471 W32/Virutas.AD Virus No 0 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[install.exe]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location 
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description 
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002 
    184379 MEDIUM MS08-001 
    182048 HIGH MS07-069 
    182046 HIGH MS07-067 
    182043 HIGH MS07-064 
    179553 HIGH MS07-061 
    157262 HIGH MS07-022 
    133385 MEDIUM MS06-063 
    123420 HIGH MS06-035 
    ;===================================================================================================================================================================================
     
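As an added example (not part of this post, and not Panda's or WindowsBBS's own code), a small Python parser for the MALWARE section of the scan report above that separates hits sitting in restore-point caches from live files; the sample rows are constructed from the report, plus one made-up row (id 99999999) so the "Active" branch is exercised.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the Panda ActiveScan MALWARE-section layout from the post
# (space-separated columns, Location last). Row 99999999 is made up, not a real detection.
SAMPLE_REPORT = r"""MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\kazekage\Cookies\kazekage@doubleclick[1].txt
02137870 Spyware/Virtumonde Spyware No 1 No No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe[crack.exe]
02656816 Trj/Multidropper.RJL Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{AC9CB5EA-4EA3-416F-B595-D0DC699D54B3}\RP63\A0017540.exe
99999999 Sample/Constructed.A Virus/Trojan Yes 2 Yes No C:\WINDOWS\system32\constructed.exe
;=====
SUSPECTS
"""

# One MALWARE row: Description and Type never contain spaces, Location may.
ROW = re.compile(r"^(\d{8})\s+(\S+)\s+(\S+)\s+(Yes|No)\s+(\d+)\s+(Yes|No)\s+(Yes|No)\s+(.+?)\s*$")
# Restore-point cache on any volume: <drive>:\System Volume Information\_restore{GUID}\RPnn\
RESTORE_DIR = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass
class Detection:
    id: str
    description: str
    kind: str
    active: bool
    location: str
    container: str  # outer file when the hit is a member of an archive/installer

    def bucket(self) -> str:
        if self.active:
            return "active"
        if RESTORE_DIR.search(self.location):
            return "restore_point"  # cleared by purging restore points, not by disinfecting
        return "cookie" if self.kind == "TrackingCookie" else "inactive"


def parse_report(text: str) -> List[Detection]:
    found = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # section names, column headers, ';' separators
        loc = m.group(8)
        # "outer.exe[member.exe]" marks a hit inside a packed file; keep the outer path
        container = loc.rsplit("[", 1)[0] if loc.endswith("]") else loc
        found.append(Detection(m.group(1), m.group(2), m.group(3), m.group(4) == "Yes", loc, container))
    return found
```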
