|
I surfed the net & now my PC has spyware pop-ups, I copied the hijacker file for you to help me out
|
|
Member
|
30. March 2008 @ 07:40 |
|
Go to the SDFix folder and see if there is a report.txt there and post it here for me to see.
Please also post me a fresh HijackThis log.
Windows and system security is my priority.
This message has been edited since posting. Last time this message was edited on 30. March 2008 @ 07:41
|
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 07:54 |
|
there is a folder sdfix & it's got 5 different types of files in it. one is a yellow ghost effect look alike & it's called appa, then you have the second, a square box that looks like a microwave, it's called catchme.exe, then you have the 3rd one, a ghosty look alike, it's called dummy.sys, system file 1kb, then the 4th one is sdfix_readme_online, internet shortcut, then the fifth one is another microwave look alike, this is called runthis.bat, ms-dos batch file. there is also a report.txt which is just on the desktop itself, i will send you that as well now
SmitFraudFix v2.309
Scan done at 10:41:17.25, 30/03/2008
Run from C:\Documents and Settings\EDDY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"="bimaculate"
[HKEY_CLASSES_ROOT\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\kknwg.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\kknwg.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\375013\ Deleted
C:\DOCUME~1\EDDY\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 62.30.112.39
DNS Server Search Order: 194.117.134.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
HKLM\SYSTEM\CS2\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
|
Member
|
30. March 2008 @ 08:22 |
|
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 08:41 |
|
here it is in plain black & white
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:26, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit
SmartDefrag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows
Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend
Micro\HijackThis\HijackThis.exe
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\In
ternet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper -
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath]
C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program
Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe"
/StartUp
O4 - HKLM\..\Run: [SM_IAN] C:\Program
Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program
Files\BillP Studios\WinPatrol\patrolpro.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program
Files\Windows Live\Messenger\msnmsgr.exe"
/background
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program
Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpyShredder] C:\Program
Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS
Clock\dsclock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'Default
user')
O4 - Startup: MemInfo.lnk = C:\Program
Files\MemInfo\meminfo.exe
O4 - Startup: WordWeb.lnk = C:\Documents and
Settings\EDDY\My Documents\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel
-
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/30
00
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/
V5Controls/en/x86/client/wuweb_site.cab?1201727103
468
O16 - DPF:
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/
V5Controls/en/x86/client/muweb_site.cab?1201727078
062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
(Java Runtime Environment 1.6.0) -
http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-wi
ndows-i586-jc.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-
4756-8479-1E90AA2806D3}: NameServer =
62.30.112.39,194.117.134.19
O18 - Protocol: grooveLocalGWS -
{88FED34C-F0CA-4636-A375-3CB6248B04CD} -
C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) -
Lavasoft - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program
Files\Kontiki\KService.exe
--
End of file - 6276 bytes
|
Member
|
30. March 2008 @ 08:50 |
|
That is really difficult to read. Please reopen HijackThis log in notepad and then go to Format and ensure that there isn't a tick beside "Word wrap". Post the HijackThis log again after doing that.
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 08:55 |
|
here you are, i even had to clean it with mr sheen's very own furniture polish, joking
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:54, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727103468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727078062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/j...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
--
End of file - 6276 bytes
|
Member
|
30. March 2008 @ 09:12 |
|
Hey,
Please read the entire instructions before commencing and ask if you have anything you are unsure of. Please pay close attention to what logs I am asking for in your next reply.
1) Do a scan with SUPERAntiSpyware
Download and scan with SUPERAntiSpyware
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
  - Close browsers before scanning.
  - Scan for tracking cookies.
  - Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
--------------------------------------------------------------------------------
2) Do a scan with MalwareBytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
----------------------------------------------------------------------
In your next reply (please include the following):
Fresh HijackThis log
SUPERAntispyware scan log
MalwareBytes' Anti-Malware Scan log
Tell me how your computer is doing
Go!
~Ltangel~
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 10:18 |
|
i'm at the stage where i've ticked the 3 items that you wanted me to tick, aka checked, but when i go to the next part where it says in red close browsers, yes i've done that, but the other two lines in red say scan for tracking cookies & the 3rd line in red saying terminate memory threats before quarantining, how do you do that in the preferences section? you have 7 buttons you can click on to do different things & you have another two buttons down below that say manage allowed items & manage exclusive folders, but how tracking cookies & the 3rd line in red saying terminate memory threats before quarantining, how do you do that in the preferences section
|
Member
|
30. March 2008 @ 10:24 |
|
It's under Scanning Control>Scanner Options, look carefully.
Windows and system security is my priority.
|
Member
|
30. March 2008 @ 10:49 |
|
Time for me to go to bed again, just post all the logs I've asked you to post when you are done, I'll have a look tomorrow. :)
~Ltangel~
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 11:12 |
|
well here's the log print you wanted from the superantispyware,
what i would also like you to answer me bruce is would i have to delete them when we finish or can i please keep them, the items that you have made me put onto my system, they all are free ain't they bruce,
i want to keep them if i ever get this problem again, & if i ever can get you to help me again in the future at least i would have all of the items of software on my desktop,
do you also have a link to the best freeware site where everything to do with pcs is all there,
no trial versions or buying versions please, my pc gets a cold when they come on
good night my brother, i will log back on with you uk time from 6am, god bless you, your family & your friends
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/30/2008 at 03:49 PM
Application Version : 4.0.1154
Core Rules Database Version : 3427
Trace Rules Database Version: 1419
Scan type : Complete Scan
Total Scan Time : 00:19:32
Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 6201
Registry threats detected : 31
File items scanned : 23673
File threats detected : 75
Adware.Tracking Cookie
C:\Documents and Settings\EDDY\Cookies\eddy@2643378[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@secure.advancedcleaner[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@server.iad.liveperson[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@tracking.summitmedia.co[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@advancedcleaner[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@indexstats[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@msnportal.112.2o7[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@adlegend[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@ad1.emediate[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@overture[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@statse.webtrendslive[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@rdr.hitmngr[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@revsci[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@antispykit[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@indextools[2].txt
C:\Documents and Settings\EDDY\Cookies\eddy@tracker.fullcontactzone[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@www.virusheat[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@www.malwarecore[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@counter.hitslink[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@setanta.112.2o7[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@winanonymous[1].txt
C:\Documents and Settings\EDDY\Cookies\eddy@ads.pointroll[2].txt
Malware.SpyShredder
HKU\S-1-5-21-1659004503-813497703-682003330-1003\Software\SpyShredder
HKU\S-1-5-21-1659004503-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Program Files\SpyShredder\SpyShredder.exe ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047604.EXE
Rogue.ErrorFighter
HKLM\Software\ugac
HKLM\Software\ugac#DomainName
Rogue.AntiSpyKit
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\byjegmgjS
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\cmnFMzkOEwg
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Control
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\gjsvniDt
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\HXAoo
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\InprocServer32#InprocServer32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\MiscStatus
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\MiscStatus\1
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\nDuqNvLitg
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\ProgID
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Programmable
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\ToolboxBitmap32
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\TypeLib
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\Version
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\VersionIndependentProgID
HKCR\CLSID\{3935B537-3E6D-04ED-ABB3-ACB16A699E3B}\wotqycejlzDwp
Malware.LocusSoftware Inc/WinSpyControl
C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs\threats.log
C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs\update.log
C:\Documents and Settings\EDDY\Application Data\WinSpyControl\Logs
C:\Documents and Settings\EDDY\Application Data\WinSpyControl
C:\WinSpyControl\AVQuar
C:\WINDOWS\..\WinSpyControl
Rogue.WinPCDoctor
C:\Program Files\Common Files\WinPCDoctor
Rogue.VirusHeat
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\BR13D1.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046971.EXE
Rogue.WinPCDoctor-Installer
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\NI.UGDC_0001_N122M2603\SETUP.EXE
C:\DOCUMENTS AND SETTINGS\EDDY\APPLICATION DATA\INSTALLER_EN[1].EXE
Rogue.AdvancedCleaner
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\EDDY\LOCALS~1\TEMP\UADC_0001_D10M0502\INSTALLER.EXE
Rogue.NetProject-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046892.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046914.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046927.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046948.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047325.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP105\A0047423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP106\A0047442.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047493.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047503.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0047990.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048193.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0048238.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP107\A0049238.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP109\A0049247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049541.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP110\A0049830.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP111\A0049881.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050152.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0051140.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051187.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP117\A0051197.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051210.EXE
Malware.VirusRanger
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046953.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046961.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP103\A0046963.EXE
Rogue.StorageProtector/Trace
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046972.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046973.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP48\A0012299.EXE
Malware.MalwareStopper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046976.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046977.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP104\A0046978.DLL
Rogue.AVSystemCare/Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049930.EXE
Trojan.Unclassified/Rogue-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049931.EXE
Rogue.LocusSoftware-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP113\A0049932.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP116\A0050158.EXE
Adware.E404 Helper/Variant-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP114\A0049941.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP114\A0049942.DLL
Trojan.FakeAlert-Gen/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP118\A0051395.DLL
Adware.Jraun/WinEssential
C:\SYSTEM VOLUME INFORMATION\_RESTORE{A2A512DA-21E6-45F1-9B1D-6020CD41E4FC}\RP31\A0005308.EXE
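Added example, not written by anyone in this thread: a Python script that cross-checks the O4 autostart lines from the HijackThis log posted earlier against the detection family names in the SUPERAntiSpyware log above, which is the comparison a helper makes by eye when asking for a fresh HijackThis log after a scan. The sample lines are copied from the thread; the function names and the substring-matching rule are assumptions of this example.

```python
import re

# O4 (autostart) lines copied from the unwrapped HijackThis log in this thread,
# plus one O23 line to show that other sections are skipped.
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# Family names as they appear as headings in the SUPERAntiSpyware log above.
SAS_FAMILIES = [
    "Adware.Tracking Cookie",
    "Malware.SpyShredder",
    "Rogue.ErrorFighter",
    "Rogue.AntiSpyKit",
    "Malware.LocusSoftware Inc/WinSpyControl",
    "Rogue.WinPCDoctor",
    "Rogue.VirusHeat",
    "Rogue.WinPCDoctor-Installer",
    "Rogue.AdvancedCleaner",
    "Rogue.NetProject-Installer",
    "Malware.VirusRanger",
]

# "O4 - <hive>\..\<key>: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O4 - Startup: shortcut.lnk = target" (also "Global Startup")
STARTUP_RE = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$"
)


def _squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def parse_o4(log_text):
    """Return one dict per O4 autostart line; all other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        hive = d.get("hive")
        location = hive + "\\" + d["key"] if hive else d["key"]
        entries.append({"location": location, "name": d["name"], "command": d["cmd"]})
    return entries


def family_keywords(families):
    """Map a squashed product keyword to the first family that yields it.

    Assumption of this example: the text after the category prefix
    ("Rogue.", "Malware.", ...) is the product name, optionally split by "/"
    and optionally ending in "-Installer".
    """
    keywords = {}
    for family in families:
        body = family.split(".", 1)[1] if "." in family else family
        for part in body.split("/"):
            part = re.sub(r"-installer$", "", part, flags=re.IGNORECASE)
            kw = _squash(part)
            if len(kw) >= 6:  # skip short fragments that would over-match
                keywords.setdefault(kw, family)
    return keywords


def flag_entries(log_text, families):
    """Return (value name, family) for autostarts that mention a flagged product."""
    keywords = family_keywords(families)
    flagged = []
    for entry in parse_o4(log_text):
        haystack = _squash(entry["name"] + " " + entry["command"])
        for kw, family in keywords.items():
            if kw in haystack:
                flagged.append((entry["name"], family))
                break
    return flagged


if __name__ == "__main__":
    for name, family in flag_entries(HIJACKTHIS_LOG, SAS_FAMILIES):
        print(f"re-check in the fresh log: [{name}] matches {family}")
```

A name match only marks an entry for re-checking in the next HijackThis log; it does not show whether the scanner already removed it.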
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 11:32 |
|
i'm enjoying this so much i'm getting the first plane out for you to teach me to be a professor in the science of the mind of a pc, joking. just to let you know, here is your log from malwarebytes' anti-malware
Malwarebytes' Anti-Malware 1.09
Database version: 568
Scan type: Quick Scan
Objects scanned: 30086
Time elapsed: 2 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinAnonymous (Rogue.WinAnonymous) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8113b5de-f7eb-4154-a311-497fb80d8bd0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Common Files\SecurePCCleaner (Rogue.SecurePCCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Yourprivacyguard\prod_code (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\ac (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\em (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\oid (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\user (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\winpcdoctor\Data\WinPCDoctor.exe.cer (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\rs.dat (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_12 PM_578.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Log\2008 Feb 02 - 05_13_16 PM_875.log (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
C:\Documents and Settings\EDDY\Application Data\SpywareRemover\Settings\ScanResults.pie (Rogue.Spyware.Remover) -> Quarantined and deleted successfully.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 11:45 |
|
Here's the last log. Is it the same log? You will know once you read it now. Thank you. I think maybe by Monday we might be able to complete it all, then on the small remaining issues, if you can just help me with them that would be great, as I'm no longer talking to my so-called friend who didn't want to help me with the PC any more. I don't have anyone left to help me out, plus I'm housebound most of the time, being the fact that I'm disabled & have acute memory loss & learning difficulties. Thank you for being patient with me, we have done so well. Are there two logs? Maybe it's the same one, I just sent it to you twice.
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 02:52 |
|
I'm ready, Bruce, if you are. Have you got all the details that you need? If so, let's start from where we left off. To you I should now be saying good afternoon.
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 03:04 |
|
I'm ready, Bruce, if you are. Have you got all the details that you need? If so, let's start from where we left off. To you I should now be saying good afternoon. Also AVG is doing a scan now saying 1 threat, trojan horse downloader.Generic7.CRX. It's scanning now, & when I move from page to page on afterdawn.com, my Explorer 7 is making a squeaky sound. From any page that sound is coming on.
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 03:58 |
|
Hi Bruce, the AVG has finished its scan & it has treated the trojan, now there are 0 errors, goodie goodie, but only when I'm on afterdawn.com I'm getting this whistling sound, it's annoying me. I hope you are OK, I have not heard from you yet, which is not like you. You usually first thing send me a reply to be replying to my messages that you wanted the results, by the fact that I thought that I've sent you all the information. Maybe you are working today or busy. All then I can do is patiently wait until you reply. I'm home all day, I'm going out after 4pm UK, that's after your bedtime so I should hear from you long before then I hope. Until I fix this problem I can't use my PC to download & do what I usually do. I did download a codecs video audio K-Lite codecs pack full from your web site, & I downloaded a boxing streaming setup for streaming boxing fights live for free from all around the world called how to box. This is their web site link: http://how-to-box.com/boxing/content/how-to-box-tv
|
Member
|
31. March 2008 @ 04:14 |
|
Hey,
I just got back from school, sorry for the late reply. Sorry to hear about your health condition, please take care of your health, as it is the most important thing in your life. No worries, I'll help you fix your problem. :)
Besides the squeaky sound on IE7, are there any problems with your computer?
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Go!
~Ltangel~
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 04:21 |
|
I don't understand, what am I supposed to do now? I thought you would be giving me information now on what to do now. If you give up on me now then how would I know what to do? By reading your message it sounded to me as if you saw a message & you just replied saying hi then bye. I won't be able to use my PC then if we can't finish off what we have started. Even on the reboot it's slow, it shouldn't be. Is it still in safe mode? The background is all blue, my picture I had on there before is not on my desktop,
& I wanted help with the whistling sound whenever I'm going from page to page on your site. At the end I just would have asked you to send me a list so that in future I can try to combat it myself.
I don't think I can, but that's why I wanted you to be as patient as me. I told you already that my so-called friend has let me down big time so I have no one left to help me. If you are giving up on me, have I done something to offend you? If so please tell me. Haven't I got that already on my system?
It's just that like in marriages & friendships people just give up on each other too quickly & for the silliest of things, so I feel that way too because it's happened to me. I always say if it wasn't for bad luck I wouldn't have any luck at all.
|
Member
|
31. March 2008 @ 04:24 |
|
I never said I'm giving up on you. You said your computer has a squeaky sound, that's why I asked you to download Deckard's system scan and let me see what's wrong with your computer.
Also, please tell me if there are any other problems you are having with your computer, so I can help you in a better way.
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 04:27 |
|
This is the main.txt Notepad, I don't know about the second one:
Deckard's System Scanner v20071014.68
Run by EDDY on 2008-03-31 09:27:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as EDDY.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:03, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MemInfo\meminfo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\EDDY\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\EDDY.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WinPatrol Helper DLL] C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Startup: WordWeb.lnk = C:\Documents and Settings\EDDY\My Documents\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727103468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1201727078062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/j...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer = 62.30.112.39,194.117.134.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
--
End of file - 6465 bytes
-- Files created between 2008-02-29 and 2008-03-31 -----------------------------
2008-03-31 07:17:37 0 d-------- C:\Program Files\SopCast
2008-03-31 03:22:01 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-31 03:21:59 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-31 03:21:59 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-31 03:21:59 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-31 03:21:58 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-31 03:21:58 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-31 03:21:58 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 03:21:57 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-31 03:21:56 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-30 16:24:00 0 d-------- C:\Documents and Settings\EDDY\Application Data\Malwarebytes
2008-03-30 16:23:21 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-30 16:23:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-30 14:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-30 14:41:08 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-30 14:41:07 0 d-------- C:\Documents and Settings\EDDY\Application Data\SUPERAntiSpyware.com
2008-03-30 10:41:23 924 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-30 09:32:05 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-30 09:32:05 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-30 09:32:05 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-30 09:32:05 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-30 09:32:05 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-30 09:32:05 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-30 09:32:05 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-29 16:49:23 0 d-------- C:\y
2008-03-29 13:46:19 0 d-------- C:\Program Files\DS Clock
2008-03-29 11:50:59 0 d-------- C:\cmdcons
2008-03-29 04:07:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-28 19:38:26 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-28 19:38:26 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-28 19:38:26 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-28 19:38:26 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-28 15:12:33 0 dr-h----- C:\$VAULT$.AVG
2008-03-28 14:15:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\AVG7
2008-03-28 14:15:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-28 14:15:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-28 14:15:30 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-28 08:45:57 0 d-------- C:\UBCD4Win
2008-03-28 02:46:19 0 d-------- C:\Program Files\Trend Micro
2008-03-28 02:37:46 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-28 01:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 00:01:14 0 d-------- C:\WINDOWS\system32\299914
2008-03-27 21:40:55 0 d-------- C:\Program Files\Lavasoft
2008-03-27 21:40:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-27 21:40:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 19:48:55 0 dr-h----- C:\Documents and Settings\EDDY\Recent
2008-03-27 13:00:09 0 d-------- C:\Program Files\CCleaner
2008-03-24 12:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-23 15:11:22 0 d-------- C:\Documents and Settings\EDDY\Application Data\MozillaControl
2008-03-23 11:24:49 0 d-------- C:\Documents and Settings\EDDY\Application Data\Opera
2008-03-22 22:16:04 0 d-------- C:\Documents and Settings\EDDY\AbiSuite
2008-03-22 19:30:41 0 d-------- C:\Program Files\LingvoSoft
2008-03-22 19:13:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Transparent
2008-03-20 13:58:30 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-19 01:32:46 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-19 01:27:21 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-19 00:36:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-03-19 00:36:12 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-03-15 20:34:08 0 d-------- C:\Program Files\DivX
2008-03-15 20:28:29 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-03-15 20:04:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-11 13:09:41 0 d-------- C:\Program Files\Kontiki
2008-03-11 13:09:41 0 d-------- C:\logs3
2008-03-11 13:09:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-11 13:09:23 0 d-------- C:\WINDOWS\Downloaded Installations
2008-03-06 01:05:37 0 d-------- C:\Documents and Settings\EDDY\Application Data\Real
2008-03-02 07:54:26 56832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2008-03-02 07:54:26 27648 --a------ C:\WINDOWS\system32\ir50_lcs.dll <Not Verified; Intel Corporation.; Intel Indeo® video 5.0 LC>
2008-03-02 07:54:09 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-02 07:51:00 0 d-------- C:\Program Files\LEAD Technologies, Inc
2008-03-02 07:35:04 62464 --a------ C:\WINDOWS\system32\cygz.dll
2008-03-02 07:35:04 1208320 --a------ C:\WINDOWS\system32\cygxml2-2.dll
2008-03-02 07:35:04 1153417 --a------ C:\WINDOWS\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-03-02 07:35:04 980992 --a------ C:\WINDOWS\system32\cygiconv-2.dll
2008-03-02 07:33:57 57344 --a------ C:\WINDOWS\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-03-01 19:34:45 0 d-------- C:\Program Files\iPod
-- Find3M Report ---------------------------------------------------------------
2008-03-30 16:31:21 0 d-------- C:\Program Files\Common Files
2008-03-29 21:13:24 0 d-------- C:\Documents and Settings\EDDY\Application Data\Azureus
2008-03-28 10:28:06 0 d-------- C:\Documents and Settings\EDDY\Application Data\Vso
2008-03-28 10:28:05 668 --a------ C:\Documents and Settings\EDDY\Application Data\vso_ts_preview.xml
2008-03-27 21:30:25 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-27 03:40:00 6397 --a------ C:\Documents and Settings\EDDY\Application Data\update.log
2008-03-25 22:39:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-25 14:04:56 0 d-------- C:\Program Files\Azureus
2008-03-25 10:57:13 0 d-------- C:\Documents and Settings\EDDY\Application Data\uTorrent
2008-03-24 17:02:39 0 d-------- C:\Program Files\IObit
2008-03-24 11:35:11 0 d-------- C:\Documents and Settings\EDDY\Application Data\CopyToDvd
2008-03-20 13:58:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\Mozilla
2008-03-19 02:05:13 0 d-------- C:\Program Files\XP Smoker
2008-03-17 23:31:51 0 d-------- C:\Documents and Settings\EDDY\Application Data\BSplayer PRO
2008-03-15 20:10:00 0 d-------- C:\Documents and Settings\EDDY\Application Data\DivX
2008-03-14 23:48:10 0 d-------- C:\Documents and Settings\EDDY\Application Data\DVD Flick
2008-03-02 07:36:17 0 d-------- C:\Program Files\Cucusoft
2008-03-01 19:34:56 0 d-------- C:\Program Files\iTunes
2008-02-21 03:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 03:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 03:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 03:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-18 14:13:14 0 d-------- C:\Program Files\NCH Swift Sound
2008-02-15 03:44:08 0 d-------- C:\Program Files\Driver Magician
2008-02-15 02:19:03 0 d-------- C:\Documents and Settings\EDDY\Application Data\Help
2008-02-10 19:29:35 0 d-------- C:\Documents and Settings\EDDY\Application Data\ImgBurn
2008-02-10 19:29:11 0 d-------- C:\Program Files\ImgBurn
2008-02-10 01:00:44 0 d-------- C:\Program Files\Alwil Software
2008-02-09 21:03:52 0 d-------- C:\Documents and Settings\EDDY\Application Data\Any DVD Converter Professional
2008-02-09 21:00:49 0 d-------- C:\Program Files\Any DVD Converter Professional
2008-02-09 20:53:20 0 d-------- C:\Documents and Settings\EDDY\Application Data\Media Player Classic
2008-02-09 20:51:54 680 --a------ C:\Documents and Settings\EDDY\Application Data\coreavc.ini
2008-02-08 23:50:25 0 d-------- C:\Program Files\iSofter
2008-02-06 22:29:10 0 d-------- C:\Documents and Settings\EDDY\Application Data\Nero
2008-02-05 23:05:06 0 d-------- C:\Program Files\VSO
2008-02-05 16:19:29 0 d-------- C:\Documents and Settings\EDDY\Application Data\NCH Swift Sound
2008-02-05 11:43:54 0 d-------- C:\Documents and Settings\EDDY\Application Data\Launchy
2008-02-05 10:30:17 0 d-------- C:\Documents and Settings\EDDY\Application Data\VSO_HWE
2008-02-04 21:51:15 0 d-------- C:\Documents and Settings\EDDY\Application Data\Ahead
2008-02-04 21:18:29 0 d-------- C:\Program Files\MSECache
2008-02-04 20:59:33 0 d-------- C:\Program Files\Microsoft DirectX SDK (November 2007)
2008-02-04 19:04:39 0 d-------- C:\Program Files\Noël Danjou
2008-02-04 08:20:46 0 d-------- C:\Program Files\MemInfo
2008-02-02 20:55:19 0 d-------- C:\Documents and Settings\EDDY\Application Data\IObit
2008-02-02 19:18:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-02 18:08:34 0 d-------- C:\Documents and Settings\EDDY\Application Data\Avant Profiles
2008-02-02 18:08:31 0 d-------- C:\Program Files\Avant Browser
2008-02-02 17:59:45 0 d-------- C:\Program Files\Citi-Software
2008-02-02 17:17:06 0 d-------- C:\Program Files\NCH Software
2008-02-02 00:01:14 0 d-------- C:\Program Files\Cool PDF Reader
2008-02-01 23:32:14 0 d-------- C:\Program Files\Machinist2DLL
2008-02-01 22:49:28 0 d-------- C:\Program Files\007DVD
2008-02-01 10:31:39 0 dr------- C:\Documents and Settings\EDDY\Application Data\Brother
2008-02-01 10:17:42 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-02-01 10:17:29 0 d-------- C:\Program Files\Brother
2008-02-01 10:15:57 0 d-------- C:\Documents and Settings\EDDY\Application Data\InstallShield
2008-02-01 10:14:56 0 d-------- C:\Program Files\Nuance
2008-02-01 10:13:42 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-02-01 10:13:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-01 10:13:24 0 d-------- C:\Program Files\ScanSoft
2008-02-01 09:05:19 0 d-------- C:\Program Files\uTorrent
2008-02-01 02:00:58 0 d-------- C:\Program Files\Real
2008-02-01 01:42:44 0 d-------- C:\Program Files\AC3Filter
2008-02-01 01:18:46 0 d-------- C:\Program Files\coverXP
2008-02-01 01:07:28 0 d-------- C:\Program Files\DVDFab Gold 4
2008-02-01 00:56:41 34 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.log
2008-02-01 00:56:36 47360 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-01 00:56:36 1144 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.inf
2008-02-01 00:56:36 7887 --a------ C:\Documents and Settings\EDDY\Application Data\pcouffin.cat
2008-02-01 00:56:35 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-02-01 00:50:08 0 d-------- C:\Documents and Settings\EDDY\Application Data\Apple Computer
2008-02-01 00:49:35 0 d-------- C:\Program Files\Bonjour
2008-02-01 00:48:29 0 d-------- C:\Program Files\Apple Software Update
2008-02-01 00:48:05 0 d-------- C:\Program Files\Common Files\Apple
2008-02-01 00:34:38 0 d-------- C:\Documents and Settings\EDDY\Application Data\WinPatrol
2008-02-01 00:34:30 0 d-------- C:\Program Files\BillP Studios
2008-02-01 00:17:33 0 d-------- C:\Documents and Settings\EDDY\Application Data\Adobe
2008-01-31 23:42:23 0 d-------- C:\Program Files\Windows Live
2008-01-31 23:40:15 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-31 23:20:31 0 d-------- C:\Program Files\Messenger
2008-01-31 22:07:37 0 d-------- C:\Documents and Settings\EDDY\Application Data\LimeWire
2008-01-31 22:04:37 0 d-------- C:\Program Files\LimeWire
2008-01-31 21:35:27 0 d-------- C:\Program Files\Vimicro
2008-01-31 21:32:04 0 d-------- C:\Program Files\Xvid
2008-01-31 03:31:12 0 d-------- C:\Program Files\Microsoft Works
2008-01-31 03:30:57 0 d-------- C:\Program Files\MSBuild
2008-01-31 03:29:23 0 d-------- C:\Program Files\Microsoft.NET
2008-01-31 03:27:38 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-31 00:41:23 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-31 00:34:49 0 d-------- C:\Program Files\Nero
2008-01-31 00:31:15 0 d-------- C:\Documents and Settings\EDDY\Application Data\vlc
2008-01-31 00:28:39 0 d-------- C:\Program Files\VideoLAN
2008-01-31 00:26:52 1167 --a------ C:\WINDOWS\mozver.dat
2008-01-31 00:23:17 0 d-------- C:\Documents and Settings\EDDY\Application Data\Macromedia
2008-01-31 00:12:31 0 d-------- C:\Documents and Settings\EDDY\Application Data\Sun
2008-01-31 00:03:20 0 d-------- C:\Program Files\Java
2008-01-31 00:01:58 0 d-------- C:\Program Files\Common Files\Java
2008-01-30 03:48:09 25004 --a------ C:\WINDOWS\system32\tcpipbak.reg
2008-01-30 03:34:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-30 02:18:49 0 -rahs---- C:\MSDOS.SYS
2008-01-30 02:18:49 0 -rahs---- C:\IO.SYS
2008-01-30 02:18:49 0 --a------ C:\CONFIG.SYS
2008-01-30 02:18:49 0 --a------ C:\AUTOEXEC.BAT
2008-01-30 02:15:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-30 02:07:28 62 --ahs---- C:\Documents and Settings\EDDY\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [09/06/2004 16:37]
"SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [08/01/2008 00:29]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/03/2008 14:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol Helper DLL"="C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll" [27/01/2008 06:38]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 18:56]
"DS Clock"="C:\Program Files\DS Clock\dsclock.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]
C:\Documents and Settings\EDDY\Start Menu\Programs\Startup\
MemInfo.lnk - C:\Program Files\MemInfo\meminfo.exe [13/01/2008 18:16:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoStartMenuEjectPC"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=1 (0x1)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoDesktopCleanupWizard"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoRecycleFiles"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoStartMenuEjectPC"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Newly Created Service* - SASDIFSV
-- End of Deckard's System Scanner: finished at 2008-03-31 09:27:25 ------------
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 04:31 |
|
OK, I will. I've sent you the log but there is not another one. I will contact you in 25 minutes, so any replies just send them, thanks.
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 05:21 |
|
This link has just come to me about AVG Free 8.0, shall I download it? I'm back & ready as ever now. I think where we should start would be, yes, to solve that problem of them scans you looked at with the HijackThis log, but we're at that stage where I need to open my PC to you to allow you to also know what I have installed on my PC in my Add & Remove,
& for what I have in my programs in the C:/ drive. What do you think? Then you can tell me what I need to delete & what is harmful to me & what is safe for me to keep, then you can ask me what is it that I use the PC for mainly, then we will have a great understanding of you knowing what I've got so you then are not working blindly with me. Do you agree? How can we do it?
Are you allowed to do that thing that Windows give you a free trial go where you can take over my PC from where you are & you then can see what is what? It's much less work, plus I can see what you are also doing. Or can you tell me step by step how to copy & paste all what I have in Add & Remove & all that I have in programs in C:/ drive? Not all things can be copied or pasted, but for those with the know-how they do know. I've
always needed that type of know-how so that it helps me help the expert to know what problem I'm suffering with. Is there a free software for this? I believe, Bruce, this is the best way forward.
Your AVG Anti-Virus Free 7.5 AVG Internet Security 8.0
Anti-Virus
Anti-Spyware
Anti-Rootkit
Anti-Spam
Firewall
Safe Search
Safe Surf
Safe Downloads
Safe Instant Messaging
AVG 8.0 offers a winning combination
Virus Bulletin reviews the new AVG 8.0
"The combination of a wide range of features - including some nice innovations - with much improved design and usability, stability, unexceptionable system impact and highly impressive detection, seems like a winning one."
- Virus Bulletin, March 2008
Trusted by millions of users
AVG products are running on over 70 million computers worldwide.
|
Member
|
31. March 2008 @ 05:27 |
|
Hey,
Please follow my instructions closely.
1. Fix with HijackThis
Please reopen HijackThis, choose "Do a system scan only" and put a check next to the entries below:
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
Now close all other windows and browsers, and click "Fix checked". Close HijackThis.
Please go to Add or Remove Programs and remove the following programs (if present):
AdvancedCleaner Free
SopCast
uTorrent
LimeWire
Then, please use Windows Explorer to search for and delete the following folders/files (if present):
c:\program files\AdvancedCleaner Free\
c:\program files\SopCast\
c:\program files\uTorrent\
c:\program files\LimeWire\
C:\WINDOWS\system32\299914\
C:\Documents and Settings\EDDY\Application Data\uTorrent\
C:\WINDOWS\system32\bdod.bin
After that, Reboot, and post a new HijackThis log here in a reply.
------------------------------------------------------------------------
2. Update your Java
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
* Download the latest version of Java here.
* Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java (they begin with "J2SE Runtime Environment" or "Java (tm)...").
* It may prompt you to reboot once you have removed previous versions, please click "Yes" if the prompt comes up.
* Finally, install the latest version of Java you have downloaded earlier.
------------------------------------------------------------------------
3. Do an online scan with Panda Active Scan
Please go HERE (http://www.nanoscan.com/as/index/) to run Panda's TotalScan:
* Select the bubble for Full scan
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* Then the scan will begin
* When the scan completes, click the Save button on the right of Scan details
* Save it to a convenient location. Post the contents of the TotalScan report.
------------------------------------------------------------------------
In your next reply (please include):
Fresh HijackThis log
ActiveScan report
Go!
~Ltangel~
Windows and system security is my priority.
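
The triage behind step 1 of the post above, as an added example that is not part of the original thread: it parses the `Run` keys from a registry dump in the format shown in the scanner log on this page and flags autostart entries that sit under a folder the helper listed for removal or that carry an empty `[]` file date. The function names are hypothetical, the sample lines are copied from the log above, and reading `[]` as "the scanner recorded no file date for the target" is an assumption about the log format.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive), usable on any OS

# Sample input: Run-key lines copied from the scanner log on this page.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [09/06/2004 16:37]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [28/03/2008 14:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 18:56]
"DS Clock"="C:\Program Files\DS Clock\dsclock.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLogoffScripts"=0 (0x0)
'''

# Program folders the helper asked to have deleted in step 1.
REMOVAL_DIRS = [r"c:\program files\AdvancedCleaner Free", r"c:\program files\SopCast",
                r"c:\program files\uTorrent", r"c:\program files\LimeWire"]

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')

def parse_run_entries(log):
    """Return the autostart values found under ...\\CurrentVersion\\Run keys."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:  # a new key header: remember it only if it is a Run key
            is_run = m.group(1).lower().endswith(r"\currentversion\run")
            key = m.group(1) if is_run else None
            continue
        m = VAL_RE.match(line)
        if key and m:
            name, path, stamp = m.groups()
            entries.append({"key": key, "name": name, "path": path, "stamp": stamp.strip()})
    return entries

def triage(entries, removal_dirs=REMOVAL_DIRS):
    """Return (name, reasons) for every entry that deserves a closer look."""
    findings = []
    for e in entries:
        reasons = []
        path = normcase(e["path"])
        if any(path.startswith(normcase(d) + "\\") for d in removal_dirs):
            reasons.append("under a folder slated for removal")
        if not e["stamp"]:  # assumption: empty [] means no file date was recorded
            reasons.append("no file timestamp recorded")
        if reasons:
            findings.append((e["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(parse_run_entries(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, `SM_IAN` is flagged for both reasons, while `DS Clock` is flagged only for the empty date, so a single heuristic hit is a prompt for review rather than a verdict.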
|
Member
|
31. March 2008 @ 05:30 |
|
Originally posted by engin123: This link has just come to me about AVG Free 8.0, shall I download it? I'm back & ready as ever now. I think where we should start would be, yes, to solve that problem of them scans you looked at with the HijackThis log, but we're at that stage where I need to open my PC to you to allow you to also know what I have installed on my PC in my Add & Remove,
& for what I have in my programs in the C:/ drive. What do you think? Then you can tell me what I need to delete & what is harmful to me & what is safe for me to keep, then you can ask me what is it that I use the PC for mainly, then we will have a great understanding of you knowing what I've got so you then are not working blindly with me. Do you agree? How can we do it?
Are you allowed to do that thing that Windows give you a free trial go where you can take over my PC from where you are & you then can see what is what? It's much less work, plus I can see what you are also doing. Or can you tell me step by step how to copy & paste all what I have in Add & Remove & all that I have in programs in C:/ drive? Not all things can be copied or pasted, but for those with the know-how they do know. I've
always needed that type of know-how so that it helps me help the expert to know what problem I'm suffering with. Is there a free software for this? I believe, Bruce, this is the best way forward.
Your AVG Anti-Virus Free 7.5 AVG Internet Security 8.0
Anti-Virus
Anti-Spyware
Anti-Rootkit
Anti-Spam
Firewall
Safe Search
Safe Surf
Safe Downloads
Safe Instant Messaging
AVG 8.0 offers a winning combination
Virus Bulletin reviews the new AVG 8.0
"The combination of a wide range of features - including some nice innovations - with much improved design and usability, stability, unexceptionable system impact and highly impressive detection, seems like a winning one."
- Virus Bulletin, March 2008
Trusted by millions of users
AVG products are running on over 70 million computers worldwide.
I don't need an uninstall list, just following my instructions above will do. Your PC is almost done with the cleaning. :)
~Ltangel~
Windows and system security is my priority.
|
|
engin123
Account closed as per user's own request
|
31. March 2008 @ 05:46 |
|
OK, I will do that now. You can answer the questions later on my last message I sent to you. I mainly use the PC for surfing the net & for downloading music now & again & for movies boxing.
I have got uTorrent, I use that as my downloading platform. If you can advise me with a better bug-free & privacy-free one that would be good. I use Azureus too. LimeWire I use for music, it's the only one I have for music, if you can also get me a free bug-free one but a different name,
& if you can also explain what's wrong with these 4 or 5 items that need to be deleted. I do also use a few different software that I use frequently for converting & making it a DVD to be compatible with all UK DVD players, so them items are so important to me, plus my iTunes,
plus I have installed some different types of video & audio codecs which I need to do these conversions, but the audio is not always in sync. With this new HD, then you hd246 or something like that, when I do them sometimes I'm getting crackling sounds.
I need an audio codec that can do all up-to-date audios as well as all the older ones. To me this is very important, I hope you can try to understand me, being I'm housebound most of the time, what else is there to do? Thank you.
|
|