virtumonde problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by branko » September 6th, 2008, 9:08 pm

I cannot get rid of virtumonde.prx or similar. IE is slow, I don't use it actually. Firefox has problems accessing search sites, especially yahoo, and is generally slow. Safari worked fine for a while, now it is extremely slow as well. Tried a number of anti-virus programs, anti-adware, anti-malware and other apps. Some find it, some don't. Found somewhere a manual way to remove the malware .dll. Did that, a bit of improvement, but still a major problem. Need help, please. HijackThis log attached.

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:16 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Altec Lansing\AMS\ALServ.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Altec Lansing\AMS\guialtn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - C:\WINDOWS\system32\xxyWMCTL.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Stanka')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: rqRHyYqo - rqRHyYqo.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13546 bytes
Last edited by silver on September 9th, 2008, 1:08 am, edited 1 time in total.
Reason: Please do not attach logs unless specifically requested, thanks :)
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virtumonde problem

by Axephilic » September 7th, 2008, 5:30 pm

Hello,

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. I am still in training, so my responses may take more time than usual because all of my posts must be checked by an expert or teacher.
    Also, please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.

Please just paste all of the logs that I request into a reply instead of attaching them. It just adds extra work for me when you attach the files. ;)

Make an Uninstall List

Next, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply. Please also include a new HijackThis log.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: virtumonde problem

by branko » September 7th, 2008, 8:23 pm

Adam,

Thanks much for the help. Here is what you requested, first uninstall list and then the latest log.

Regards.
B.

Acrobat.com
Acrobat.com
Ad-aware 6 Personal
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alien Shooter
AMS24
Apple Mobile Device Support
Apple Software Update
AVG 8.0
B/W Styler 1.01
Bonjour
Browser Address Error Redirector
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.4
Canon Utilities EOS Capture 1.5
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Color Efex Pro 3.0 Complete
Compatibility Pack for the 2007 Office system
Debugging Tools for Windows (x86)
Deer Drive Free Trial
Dell DataSafe Online
Dell Support Center
Documentation & Support Launcher
EPSON GrayBalancer
EPSON Printer Software
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) Processor ID Utility
Internet Service Offers Launcher
IrfanView (remove only)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:23 PM, on 9/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Altec Lansing\AMS\ALServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Altec Lansing\AMS\guialtn.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Adobe\Adobe Bridge\Bridge.exe
C:\DOCUME~1\Branko\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - C:\WINDOWS\system32\xxyWMCTL.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: rqRHyYqo - rqRHyYqo.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12694 bytes
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virumonde problem

Post by Axephilic » September 9th, 2008, 11:04 pm

Hello branko,

Sorry for the delay, we are a bit swamped right now.

Remove all but one Anti-Virus program
You are operating your computer with multiple Anti Virus programs:
  • AVG8
  • Kaspersky
  • Trend Micro

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please make sure you choose one currently capable of receiving updates, because an antivirus program without updates cannot protect your system effectively.

Please uninstall two of them using Control Panel, Add/Remove Programs.

RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your next reply, please include:
  1. Both RSIT logs
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: virumonde problem

Post by branko » September 10th, 2008, 1:25 am

Adam,

Thank you for the reply.

TrendMicro is for Hijack This, so I can't uninstall that one.
I tried uninstalling AVG but it did not work; uninstall has problems and it cannot finish. Anyway, after the computer starts, I exit AVG or Kaspersky, so I hope there should not be a problem, since they are not running at the same time.

Here are the logs, as you requested.

Branko


info.txt logfile of random's system information tool 2008-09-09 22:17:35

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 6.0 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alien Shooter-->"C:\Program Files\Alien Shooter\ReflexiveArcade\unins000.exe"
AMS24-->MsiExec.exe /I{A26E4368-1E2B-42DE-BF6A-4ADAE94805E1}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
B/W Styler 1.01-->"C:\Program Files\BWStyler\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033 /x
Canon EOS-1D Mark II N WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35260E0B-A8C2-4D25-97E2-448DE7275C85} /l1033
Canon EOS-1Ds Mark II WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{652C4ADF-0A29-4B02-9211-EE61675847DE} /x
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 3.4-->"C:\Program Files\Common Files\Canon\UIW\1.3.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Capture 1.5-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Color Efex Pro 3.0 Complete-->C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\Nik Software\Color Efex Pro 3.0 Complete\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Debugging Tools for Windows (x86)-->MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637}
Deer Drive Free Trial-->"C:\Program Files\DeerDrive_at\unins000.exe"
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EPSON GrayBalancer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADED38AC-E255-11D5-86C0-0090992D9903}\Setup.exe" -l0x9 Anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Photos Screensaver-->MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Branko\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Juniper Networks Network Connect 6.1.0-->"C:\Program Files\Juniper Networks\Network Connect 6.1.0\uninstall.exe"
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Lookout-->"C:\Program Files\Lookout Software\Lookout\UninstallLookout.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
NETGEAR WG311v2 802.11g Wireless PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{936D42B8-FE51-41D5-A74A-6182F6CDB17B}
nik Sharpener Pro 2.0 Inkjet-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\nik Sharpener Pro 2.0 Inkjet\uninstal.log
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Performance-->"C:\Program Files\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA Performance-->MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
NVIDIA System Monitor-->"C:\Program Files\InstallShield Installation Information\{5887D64D-2663-43FB-B4BD-7464C56AB425}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA System Monitor-->MsiExec.exe /I{5887D64D-2663-43FB-B4BD-7464C56AB425}
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PhotoCAL-->C:\WINDOWS\unvise32.exe C:\Program Files\PANTONE COLORVISION\PhotoCAL\uninstal.log
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Qimage-->C:\PROGRA~1\Qimage\UNWISE.EXE C:\PROGRA~1\Qimage\INSTALL.LOG
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SP2200 Canvas-Luster Premium ICC Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6224C583-094C-4734-99CD-F6B3DFD3FCAB}\Setup.exe" -l0x9 anything
SP2200 EnhancedMatte Premium ICC Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA42DB1B-CA81-48FC-B625-DAF2FAF7ECB0}\Setup.exe" -l0x9 anything
SP2200 Prem.Glossy Premium ICC Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E914F-7F58-49C2-A6BB-C93BA836DF23}\Setup.exe" -l0x9 anything
SP2200 Prem.Semigloss Premium ICC Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB613005-5353-49A7-AC2B-F5163AC157D2}\Setup.exe" -l0x9 anything
SP2200 VelvetFineArt Premium ICC Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57908758-8987-4B40-9FB6-F804833BFB2F}\Setup.exe" -l0x9 anything
SP2200 Wtrclr-RW Premium ICC Profiles-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDAEA64-31A0-4E2F-9113-1D5A73F7F161}\Setup.exe" -l0x9 anything
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Window Washer 5-->C:\WINDOWS\Unwash5.exe
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->C:\DOCUME~1\Branko\Desktop\DOWNLO~1\winzip\WinZip\winzip32.exe /uninstall
WW2 Pacific Heroes-->"C:\Program Files\Pacific Heroes\ReflexiveArcade\unins000.exe"

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: AVG Anti-Virus
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool (written by random/random)
Run by Branko at 2008-09-09 22:17:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 544 GB (76%) free of 712 GB
Total RAM: 3325 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:33 PM, on 9/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Altec Lansing\AMS\ALServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Altec Lansing\AMS\guialtn.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Branko\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Branko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - C:\WINDOWS\system32\xxyWMCTL.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1007\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Deca')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1007\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (User 'Deca')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-500\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Administrator')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: rqRHyYqo - rqRHyYqo.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13900 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Pareto UNS.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DA7512B-CFEA-4BCD-BE6F-56D386A5D428}]
C:\WINDOWS\system32\xxyWMCTL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-29 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-04 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-05-26 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll [2008-08-17 651760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-26 2549368]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-14 8523776]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2007-10-26 184352]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-14 16855552]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-01-14 69632]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-09-17 124200]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-01 29744]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2008-02-28 17920]
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-07-29 185896]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"ALServ"=C:\Program Files\Altec Lansing\AMS\ALServ.exe [1998-05-26 87040]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-04 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-01-15 106496]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-01 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2004-05-18 622592]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2004-11-01 3070976]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
PhotoCAL Startup.lnk - C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-29 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHyYqo]
rqRHyYqo.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\xxyWMCTL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-09 22:17:17 ----D---- C:\rsit
2008-09-06 23:29:24 ----D---- C:\Documents and Settings\Branko\Application Data\Malwarebytes
2008-09-06 23:29:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 23:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 14:34:22 ----A---- C:\WINDOWS\wininit.ini
2008-09-06 14:01:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-06 14:01:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 13:43:29 ----D---- C:\Program Files\Lavasoft
2008-09-06 12:46:26 ----D---- C:\Program Files\Webroot
2008-09-06 12:46:26 ----D---- C:\Program Files\Common Files\Webroot Shared
2008-09-06 12:46:26 ----D---- C:\Documents and Settings\Branko\Application Data\Webroot
2008-09-06 12:46:03 ----A---- C:\WINDOWS\Unwash5.exe
2008-09-05 23:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-05 23:57:17 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-05 23:57:17 ----D---- C:\Documents and Settings\Branko\Application Data\SUPERAntiSpyware.com
2008-09-05 23:57:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 02:08:08 ----HD---- C:\$AVG8.VAULT$
2008-09-04 23:29:38 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-09-04 23:29:26 ----D---- C:\Program Files\AVG
2008-09-04 23:29:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-01 14:05:49 ----D---- C:\Documents and Settings\Branko\Application Data\Opera
2008-08-23 00:07:51 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-23 00:04:53 ----D---- C:\Program Files\NOS
2008-08-23 00:04:53 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-19 22:01:56 ----D---- C:\Program Files\Kaspersky Lab
2008-08-19 22:01:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-18 20:26:53 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-17 23:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-17 19:14:35 ----D---- C:\Program Files\SpywareBlaster
2008-08-17 18:48:16 ----SHD---- C:\WINDOWS\CSC
2008-08-17 18:48:10 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-17 12:56:35 ----A---- C:\WINDOWS\system32\VundoFixSVC.exe
2008-08-17 12:48:21 ----D---- C:\VundoFix Backups
2008-08-17 12:48:21 ----A---- C:\VundoFix.txt
2008-08-17 12:31:21 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-08-17 10:44:57 ----D---- C:\Program Files\Enigma Software Group
2008-08-17 08:12:46 ----SH---- C:\WINDOWS\system32\opbpsxrk.ini
2008-08-17 08:09:34 ----ASH---- C:\WINDOWS\system32\QtAGPXyb.ini2
2008-08-17 08:09:34 ----ASH---- C:\WINDOWS\system32\QtAGPXyb.ini
2008-08-17 03:37:42 ----SH---- C:\WINDOWS\system32\ipukbjit.ini
2008-08-17 00:28:56 ----SH---- C:\WINDOWS\system32\bwdwvgas.ini
2008-08-17 00:25:41 ----ASH---- C:\WINDOWS\system32\LTCMWyxx.ini2
2008-08-17 00:25:41 ----ASH---- C:\WINDOWS\system32\LTCMWyxx.ini
2008-08-16 23:27:33 ----D---- C:\Documents and Settings\Branko\Application Data\WinRAR
2008-08-16 23:11:17 ----HD---- C:\WINDOWS\PIF
2008-08-16 22:50:41 ----SH---- C:\WINDOWS\system32\swmrwwma.ini
2008-08-16 22:47:56 ----A---- C:\WINDOWS\system32\0391f468-.txt
2008-08-16 22:47:30 ----ASH---- C:\WINDOWS\system32\LUFOnnmp.ini2
2008-08-16 22:47:30 ----ASH---- C:\WINDOWS\system32\LUFOnnmp.ini
2008-08-16 22:27:22 ----D---- C:\Program Files\WinRAR
2008-08-16 22:24:52 ----A---- C:\WINDOWS\winzip32.ini
2008-08-16 22:13:39 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-16 22:13:38 ----D---- C:\Documents and Settings\Branko\Application Data\Azureus
2008-08-16 17:27:38 ----D---- C:\Program Files\PeerGuardian2
2008-08-16 16:26:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-13 03:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 03:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 03:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 03:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-11 22:11:27 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-11 21:58:22 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-08-09 02:51:00 ----D---- C:\Program Files\iPod
2008-08-09 02:46:32 ----D---- C:\Program Files\Safari
2008-08-08 16:48:33 ----D---- C:\Program Files\Juniper Networks
2008-08-08 16:48:26 ----D---- C:\Documents and Settings\Branko\Application Data\Juniper Networks
2008-08-08 16:46:39 ----D---- C:\Program Files\Sun
2008-08-08 16:46:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-08 16:46:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-08 16:46:34 ----A---- C:\WINDOWS\system32\java.exe
2008-08-05 21:03:18 ----D---- C:\Program Files\EPSON GrayBalancer
2008-08-02 21:10:30 ----D---- C:\Program Files\ALTEC LANSING
2008-07-30 20:13:28 ----D---- C:\Documents and Settings\Branko\Application Data\DataSafeOnline
2008-07-30 20:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-07-30 20:07:31 ----D---- C:\Program Files\Dell Support Center
2008-07-30 20:07:31 ----D---- C:\Program Files\Common Files\supportsoft
2008-07-30 20:01:04 ----A---- C:\WINDOWS\system32\mfc45.dll
2008-07-30 20:01:02 ----D---- C:\Documents and Settings\Branko\Application Data\iolo
2008-07-30 20:01:02 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2008-07-29 23:58:46 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2008-07-29 23:55:08 ----D---- C:\Documents and Settings\All Users\Application Data\Citrix
2008-07-29 23:54:46 ----D---- C:\Program Files\Citrix
2008-07-29 23:32:09 ----D---- C:\Program Files\Intel Corporation
2008-07-29 22:08:51 ----D---- C:\Program Files\Common Files\xing shared
2008-07-29 22:08:48 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-07-29 22:08:44 ----D---- C:\Program Files\Real
2008-07-29 22:08:44 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-07-29 22:08:44 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-07-29 22:08:44 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-07-29 22:08:43 ----D---- C:\Program Files\Common Files\Real
2008-07-29 22:08:43 ----D---- C:\Documents and Settings\Branko\Application Data\Real
2008-07-29 22:07:38 ----D---- C:\WINDOWS\system32\runtime
2008-07-29 22:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-29 20:21:42 ----A---- C:\WINDOWS\system32\klogon.dll
2008-07-20 22:32:12 ----D---- C:\Documents and Settings\Branko\Application Data\AdobeUM
2008-07-20 21:37:10 ----D---- C:\Documents and Settings\Branko\Application Data\Roxio
2008-07-20 16:28:23 ----A---- C:\WINDOWS\OpPrintServer.INI
2008-07-19 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-07-19 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-18 18:56:40 ----D---- C:\WINDOWS\Prefetch
2008-07-18 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-07-18 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-07-18 18:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-07-18 18:52:02 ----D---- C:\WINDOWS\system32\scripting
2008-07-18 18:52:02 ----D---- C:\WINDOWS\l2schemas
2008-07-18 18:52:01 ----D---- C:\WINDOWS\system32\en
2008-07-18 18:52:01 ----D---- C:\WINDOWS\system32\bits
2008-07-18 18:50:21 ----D---- C:\WINDOWS\ServicePackFiles
2008-07-18 18:48:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-07-18 18:45:45 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-07-18 18:45:44 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-07-18 18:45:44 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-07-18 18:45:44 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-07-18 18:45:42 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-07-18 18:45:41 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-07-18 18:45:40 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-07-18 18:45:40 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-07-18 18:45:39 ----N---- C:\WINDOWS\system32\slserv.exe
2008-07-18 18:45:39 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-07-18 18:45:39 ----N---- C:\WINDOWS\system32\slgen.dll
2008-07-18 18:45:39 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-07-18 18:45:39 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-07-18 18:45:39 ----N---- C:\WINDOWS\slrundll.exe
2008-07-18 18:45:38 ----N---- C:\WINDOWS\system32\setupn.exe
2008-07-18 18:45:38 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-07-18 18:45:37 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-07-18 18:45:37 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-07-18 18:45:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-07-18 18:45:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-07-18 18:45:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-07-18 18:45:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-07-18 18:45:36 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-07-18 18:45:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-07-18 18:45:34 ----N---- C:\WINDOWS\system32\napstat.exe
2008-07-18 18:45:34 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-07-18 18:45:34 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-07-18 18:45:34 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-07-18 18:45:33 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-07-18 18:45:33 ----N---- C:\WINDOWS\system32\mssha.dll
2008-07-18 18:45:33 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-07-18 18:45:30 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-07-18 18:45:29 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-18 18:45:29 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-07-18 18:45:29 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-18 18:45:29 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-07-18 18:45:27 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-07-18 18:45:27 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-07-18 18:45:26 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-07-18 18:45:26 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-07-18 18:45:26 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-07-18 18:45:26 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-07-18 18:45:24 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-07-18 18:45:24 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-07-18 18:45:23 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-07-18 18:45:22 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-07-18 18:45:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-07-18 18:45:21 ----A---- C:\WINDOWS\002845_.tmp
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-07-18 18:45:20 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-07-18 18:45:19 ----N---- C:\WINDOWS\system32\credssp.dll
2008-07-18 18:45:18 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-07-18 18:45:18 ----N---- C:\WINDOWS\system32\azroles.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-07-18 18:45:17 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-07-18 18:45:16 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-07-16 20:39:00 ----D---- C:\Documents and Settings\Branko\Application Data\Apple Computer
2008-07-16 20:38:47 ----D---- C:\Program Files\iTunes
2008-07-16 20:38:39 ----D---- C:\Program Files\Bonjour
2008-07-16 20:38:18 ----D---- C:\Program Files\QuickTime
2008-07-16 20:38:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-16 20:37:35 ----D---- C:\Program Files\Apple Software Update
2008-07-16 20:37:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-07-16 20:37:17 ----D---- C:\Program Files\Common Files\Apple
2008-07-10 21:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-07-10 21:54:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-07-10 21:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-07-10 21:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-07-07 19:50:21 ----D---- C:\WINDOWS\Minidump
2008-07-07 14:54:42 ----D---- C:\WINDOWS\system32\LogFiles
2008-06-25 19:12:27 ----D---- C:\Program Files\NETGEAR WG311v2 Adapter
2008-06-25 19:12:13 ----D---- C:\Documents and Settings\All Users\Application Data\{70FE9869-8D38-4EB3-8541-A735C2285CF7}
2008-06-22 20:10:48 ----D---- C:\Linksys Driver
2008-06-19 09:10:03 ----D---- C:\WINDOWS\SxsCaPendDel
2008-06-11 18:31:31 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-10 19:48:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 19:48:05 ----D---- C:\Program Files\DeerDrive_at

List of drivers

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-08-19 213008]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\system32\System32\Drivers\avgtdix.sys []
R3 al60;al60; C:\WINDOWS\system32\al60.sys [1998-05-10 16384]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2008-04-07 23552]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-14 4620288]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-17 386688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-14 7433312]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-01-14 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-01-14 22016]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2008-06-25 62865]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BCM43XX;802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2003-02-11 166272]
S3 cvspydr2;ColorVision Spyder 2; C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-06-24 95232]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\D:\AutoRun\PCANDIS5.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; C:\WINDOWS\system32\DRIVERS\WMP11V27.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agp440.sys []
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\agpCPQ.sys []
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\alim1541.sys []
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\system32\DRIVERS\amdagp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\system32\DRIVERS\cbidf2k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\system32\DRIVERS\intelide.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\sisagp.sys []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\system32\DRIVERS\viaagp.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 231704]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2008-04-07 419184]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2003-12-05 73728]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2003-11-12 94208]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-29 137200]
R2 nTuneService;Performance Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-01-15 155648]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-14 155716]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-27 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-11 654848]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-01 29744]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-07-29 16680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:01 PM, on 9/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Altec Lansing\AMS\ALServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Altec Lansing\AMS\guialtn.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - C:\WINDOWS\system32\xxyWMCTL.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1007\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Deca')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1007\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 (User 'Deca')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-500\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Administrator')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: rqRHyYqo - rqRHyYqo.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13919 bytes
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virumonde problem

Post by Axephilic » September 12th, 2008, 3:13 pm

Hello branko,

We are going to reinstall AVG so that we can uninstall it correctly, if that makes any sense. ;)

Please go here to download AVG, and please download whichever one you have. Make sure you save this file, and do not just run it from the download prompt. Run the file and select Repair Installation when you see that option in the installer. Then, try to uninstall it normally again.

Let me know if it works or not and/or if you have any questions. :)


Please download DAFT from here to your Desktop.

  • Double click daft to run the application
  • Click on the Scan button.
  • Place a checkmark next to the following entries in case they appear:

    .reg
    .scr


    Note: If any other file associations are flagged as corrupt please place a checkmark against them also.
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • If everything is ok again, it should display the all associations ok message
  • Please post back the results of daft.txt in your next reply


Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - C:\WINDOWS\system32\xxyWMCTL.dll (file missing)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O20 - Winlogon Notify: rqRHyYqo - rqRHyYqo.dll (file missing)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.


Fix registry entries

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

1. Backup Your Registry with ERUNT
  • Please download ERUNT from here.
  • Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERDNT.exe

2. Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes.


Run OTMoveIt2 by OldTimer
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\opbpsxrk.ini
    C:\WINDOWS\system32\QtAGPXyb.ini2
    C:\WINDOWS\system32\QtAGPXyb.ini
    C:\WINDOWS\system32\ipukbjit.ini
    C:\WINDOWS\system32\bwdwvgas.ini
    C:\WINDOWS\system32\LTCMWyxx.ini2
    C:\WINDOWS\system32\LTCMWyxx.ini
    C:\WINDOWS\system32\swmrwwma.ini
    C:\WINDOWS\system32\0391f468-.txt
    C:\WINDOWS\system32\LUFOnnmp.ini2
    C:\WINDOWS\system32\LUFOnnmp.ini
    C:\WINDOWS\system32\xxyWMCTL.dll
    C:\WINDOWS\ALCMTR.EXE
    C:\dgdzsc.dll /s
    C:\ulluzs.dll /s
    C:\rqRHyYqo.dll /s
    C:\Documents and Settings\Branko\Application Data\Azureus
    C:\Documents and Settings\All Users\Application Data\Azureus
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. DAFT.txt log
  2. OTMoveIt log
  3. Kaspersky report
  4. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
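
A way to review what fix.reg changes before merging it, as an added example that is not part of the original post: it parses the REGEDIT4 text, decodes the hex(7) value, and diffs the replacement AppInit_DLLs list against the one in the HijackThis log above. The function names are hypothetical; both inputs are copied from this thread.

```python
import re

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# AppInit_DLLs value as reported on the O20 line of the 9/9/2008 HijackThis log.
LOGGED_APPINIT = r"c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

# Text of fix.reg as posted in the reply above.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''


def parse_reg(text):
    """Parse a small REGEDIT4 file into {(key, value_name): value}.

    Handles quoted strings and single-line hex(7) (multi-string) data only.
    Rejects the file if REGEDIT4 is not the very first line, which is the
    condition the post warns about (no blank lines before REGEDIT4).
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("first line must be REGEDIT4")
    values, key = {}, None
    for line in lines[1:]:
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m is None or key is None:
            raise ValueError("unrecognised line: %r" % line)
        name, raw = m.groups()
        if raw.startswith("hex(7):"):
            # REGEDIT4 stores multi-strings as single-byte text, NUL separated.
            data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b.strip())
            values[(key, name)] = [s.decode("cp1252") for s in data.split(b"\x00") if s]
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            values[(key, name)] = raw[1:-1]
        else:
            raise ValueError("unsupported value type: %r" % raw)
    return values


def split_appinit(value):
    """AppInit_DLLs entries are separated by commas or spaces."""
    return [e for e in re.split(r"[,\s]+", value.strip()) if e]


def removed_entries(before, after):
    """Entries present in `before` but absent from `after` (case-insensitive)."""
    keep = {e.lower() for e in split_appinit(after)}
    seen, removed = set(), []
    for entry in split_appinit(before):
        low = entry.lower()
        if low not in keep and low not in seen:
            seen.add(low)
            removed.append(entry)
    return removed


def review_fix(logged_appinit, reg_text):
    """Summarise what merging reg_text would change relative to the logged state."""
    fix = parse_reg(reg_text)
    new_appinit = fix[(WINDOWS_KEY, "AppInit_DLLs")]
    return {
        "removed": removed_entries(logged_appinit, new_appinit),
        "added": removed_entries(new_appinit, logged_appinit),
        "auth_packages": fix[(LSA_KEY, "Authentication Packages")],
    }


if __name__ == "__main__":
    for field, value in review_fix(LOGGED_APPINIT, FIX_REG).items():
        print(field, "->", value)
```

The only AppInit_DLLs entries the fix drops are the two DLLs that also appear, with the /s switch, in the OTMoveIt2 list, and nothing is added.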

Re: virumonde problem

Post by branko » September 13th, 2008, 12:37 pm

Adam,


I did as you requested. I could not repair and uninstall AVG - I tried repair, install, uninstall and always got an error
message that "something bad happened with application", so I let it stay as is. When I was downloading the Kaspersky on-line
scan tool, there was a message that klif.sys was not loaded and I got a blue screen and had to reboot the PC. Since I had Kaspersky antivirus
already downloaded and installed, I ran that one and the log is down below.

Thanks.
Branko

DAFT Log saved on 2008-09-12 21:42:08
-----------------------------------------------------------------------
All associations okay!

C:\WINDOWS\system32\opbpsxrk.ini moved successfully.
C:\WINDOWS\system32\QtAGPXyb.ini2 moved successfully.
C:\WINDOWS\system32\QtAGPXyb.ini moved successfully.
C:\WINDOWS\system32\ipukbjit.ini moved successfully.
C:\WINDOWS\system32\bwdwvgas.ini moved successfully.
C:\WINDOWS\system32\LTCMWyxx.ini2 moved successfully.
C:\WINDOWS\system32\LTCMWyxx.ini moved successfully.
C:\WINDOWS\system32\swmrwwma.ini moved successfully.
C:\WINDOWS\system32\0391f468-.txt moved successfully.
C:\WINDOWS\system32\LUFOnnmp.ini2 moved successfully.
C:\WINDOWS\system32\LUFOnnmp.ini moved successfully.
File/Folder C:\WINDOWS\system32\xxyWMCTL.dll not found.
C:\WINDOWS\ALCMTR.EXE moved successfully.
< C:\dgdzsc.dll /s >
File/Folder C:\dgdzsc.dll not found.
< C:\ulluzs.dll /s >
File/Folder C:\ulluzs.dll not found.
< C:\rqRHyYqo.dll /s >
File/Folder C:\rqRHyYqo.dll not found.
C:\Documents and Settings\Branko\Application Data\Azureus\torrents moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\tmp moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\shares moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\plugins moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\net moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\media\azpd moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\media moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\logs\save moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\logs moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\dht moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus\active moved successfully.
C:\Documents and Settings\Branko\Application Data\Azureus moved successfully.
C:\Documents and Settings\All Users\Application Data\Azureus moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09122008_215647

Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
8/19/2008 10:08:00 PM Task started
8/19/2008 10:10:08 PM Task completed
Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
8/19/2008 10:22:52 PM Task started
8/19/2008 10:22:52 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\biueng.dll/UPX
8/19/2008 10:22:52 PM Will be deleted on system restart: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\biueng.dll
8/19/2008 10:22:53 PM Disinfected: not-a-virus:AdWare.Win32.SuperJuan.cqn HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
8/19/2008 10:23:02 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\radjlk.dll/UPX
8/19/2008 10:23:02 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\radjlk.dll/UPX Skipped by user
8/19/2008 10:23:02 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\biueng.dll/UPX
8/19/2008 10:23:03 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\radjlk.dll/UPX
8/19/2008 10:23:03 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\radjlk.dll/UPX Skipped by user
8/19/2008 10:23:03 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\biueng.dll/UPX
8/19/2008 10:23:12 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\radjlk.dll/UPX
8/19/2008 10:23:20 PM Task completed
Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
8/19/2008 10:28:38 PM Task started
8/19/2008 10:29:17 PM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
8/19/2008 10:30:31 PM Detected: Trojan.Win32.Monderb.fim c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/#
8/19/2008 10:30:31 PM Untreated: Trojan.Win32.Monderb.fim c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/# Postponed
8/19/2008 10:30:31 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/#
8/19/2008 10:30:31 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/#
8/19/2008 10:30:31 PM Detected: Heur.Invader c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe
8/19/2008 10:30:31 PM Detected: Trojan-Downloader.Win32.Small.yrh c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/serial.exe
8/19/2008 10:30:31 PM Detected: Trojan-Downloader.Win32.Small.yxa c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/number.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
8/19/2008 10:30:31 PM Detected: Trojan-Downloader.Win32.FraudLoad.vbaf c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/keygen.exe
8/19/2008 10:30:50 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012306.dll/UPX
8/19/2008 10:30:50 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012306.dll/UPX Postponed
8/19/2008 10:30:50 PM Detected: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0011486.dll/UPX
8/19/2008 10:30:50 PM Untreated: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0011486.dll/UPX Postponed
8/19/2008 10:30:50 PM Detected: Heur.Trojan.Generic c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll
8/19/2008 10:30:50 PM Untreated: Heur.Trojan.Generic c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll Postponed
8/19/2008 10:30:51 PM Detected: Trojan-Downloader.Win32.FraudLoad.vbae c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012319.dll
8/19/2008 10:30:51 PM Untreated: Trojan-Downloader.Win32.FraudLoad.vbae c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012319.dll Postponed
8/19/2008 10:30:53 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012358.dll
8/19/2008 10:30:53 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012358.dll Postponed
8/19/2008 10:30:53 PM Detected: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012357.dll/UPX
8/19/2008 10:30:53 PM Untreated: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012357.dll/UPX Postponed
8/19/2008 10:30:53 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012359.dll
8/19/2008 10:30:53 PM Untreated: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012359.dll Postponed
8/19/2008 10:30:53 PM Detected: Trojan.Win32.Monder.frx c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012360.dll
8/19/2008 10:30:53 PM Untreated: Trojan.Win32.Monder.frx c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012360.dll Postponed
8/19/2008 10:31:07 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0012523.dll
8/19/2008 10:31:07 PM Untreated: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0012523.dll Postponed
8/19/2008 10:32:08 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034645.dll/UPX
8/19/2008 10:32:08 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034645.dll/UPX Postponed
8/19/2008 10:32:08 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034646.dll/UPX
8/19/2008 10:32:08 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034646.dll/UPX Postponed
8/19/2008 10:47:54 PM Detected: http://www.viruslist.com/en/advisories/30937 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher2340\StagingArea\1313.dll
8/19/2008 10:47:54 PM Detected: http://www.viruslist.com/en/advisories/30937 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher2340\StagingArea\1313
8/19/2008 10:49:43 PM Detected: http://www.viruslist.com/en/advisories/30937 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher4380\StagingArea\4589
8/19/2008 10:49:43 PM Detected: http://www.viruslist.com/en/advisories/30937 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher4380\StagingArea\4589.dll
8/19/2008 10:50:09 PM Detected: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\04KDRLNF\cntr[1]/UPX
8/19/2008 10:50:09 PM Untreated: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\04KDRLNF\cntr[1]/UPX Postponed
8/19/2008 10:51:21 PM Detected: Heur.Trojan.Generic c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/19/2008 10:51:21 PM Untreated: Heur.Trojan.Generic c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1] Postponed
8/19/2008 10:52:08 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb767887[1]/UPX
8/19/2008 10:52:08 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb767887[1]/UPX Postponed
8/19/2008 10:53:17 PM Detected: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\XDK4K9O6\cntr[1]/UPX
8/19/2008 10:53:17 PM Untreated: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\XDK4K9O6\cntr[1]/UPX Postponed
8/19/2008 10:55:08 PM Detected: Exploit.Java.Gimsh.a c:\Documents and Settings\Deca\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-4df0096a.zip/vmain.class
8/19/2008 10:55:08 PM Untreated: Exploit.Java.Gimsh.a c:\Documents and Settings\Deca\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-4df0096a.zip/vmain.class Postponed
8/19/2008 10:55:36 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\kb767887[1]
8/19/2008 10:55:36 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\kb767887[1] Postponed
8/19/2008 10:55:53 PM Detected: Trojan.Win32.Monder.frx c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/19/2008 10:55:53 PM Untreated: Trojan.Win32.Monder.frx c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1] Postponed
8/19/2008 10:56:19 PM Detected: Heur.Trojan.Generic c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\GVRE3PL2\cntr[1]
8/19/2008 10:56:19 PM Untreated: Heur.Trojan.Generic c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\GVRE3PL2\cntr[1] Postponed
8/19/2008 11:04:09 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\Flash9e.ocx
8/19/2008 11:04:17 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\java.exe
8/19/2008 11:04:17 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\javaws.exe
8/19/2008 11:05:20 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\swflash.ocx
8/19/2008 11:05:50 PM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
8/19/2008 11:07:20 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\program files\adobe\Adobe Bridge CS3\browser\plugins\NPSWF32.dll
8/19/2008 11:08:26 PM Detected: http://www.viruslist.com/en/advisories/25023 c:\program files\adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
8/19/2008 11:14:50 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\java.exe
8/19/2008 11:14:50 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\javaws.exe
8/19/2008 11:18:05 PM Detected: Trojan.Win32.Monderb.fho c:\VundoFix Backups\iifExXpq.dll.bad
8/19/2008 11:18:05 PM Untreated: Trojan.Win32.Monderb.fho c:\VundoFix Backups\iifExXpq.dll.bad Postponed
8/19/2008 11:22:51 PM Detected: Trojan.Win32.Monder.fth c:\windows\system32\byXPGAtQ.dll
8/19/2008 11:22:52 PM Untreated: Trojan.Win32.Monder.fth c:\windows\system32\byXPGAtQ.dll Postponed
8/19/2008 11:23:00 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\kpqhpfyb.dll/UPX
8/19/2008 11:23:01 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\kpqhpfyb.dll/UPX Postponed
8/19/2008 11:23:06 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\windows\system32\mxxtspik.dll
8/19/2008 11:23:07 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\windows\system32\mxxtspik.dll Postponed
8/19/2008 11:23:14 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\ruraflvv.dll/UPX
8/19/2008 11:23:14 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\ruraflvv.dll/UPX Postponed
8/19/2008 11:23:14 PM Detected: Heur.Trojan.Generic c:\windows\system32\sagvwdwb.dll
8/19/2008 11:23:14 PM Untreated: Heur.Trojan.Generic c:\windows\system32\sagvwdwb.dll Postponed
8/19/2008 11:23:17 PM Detected: Heur.Trojan.Generic c:\windows\system32\tijbkupi.dll
8/19/2008 11:23:17 PM Untreated: Heur.Trojan.Generic c:\windows\system32\tijbkupi.dll Postponed
8/19/2008 11:23:22 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\xpujukrl.dll/UPX
8/19/2008 11:23:23 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\xpujukrl.dll/UPX Postponed
8/19/2008 11:23:35 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\windows\system32\Macromed\Flash\Flash9e.ocx
8/19/2008 11:47:49 PM Detected: not-a-virus:AdWare.Win32.MyWay.ac E:\misc\freeripmp3.exe/data0012
8/19/2008 11:47:50 PM Untreated: not-a-virus:AdWare.Win32.MyWay.ac E:\misc\freeripmp3.exe/data0012 Postponed
8/19/2008 11:47:57 PM Detected: not-a-virus:AdWare.Win32.MyWay.j E:\misc\RosoftCDExtractorFree.exe/data0012
8/19/2008 11:47:59 PM Untreated: not-a-virus:AdWare.Win32.MyWay.j E:\misc\RosoftCDExtractorFree.exe/data0012 Postponed
8/19/2008 11:47:59 PM Detected: not-a-virus:AdWare.Win32.180Solutions E:\misc\RosoftCDExtractorFree.exe/data0015
8/19/2008 11:47:59 PM Detected: not-a-virus:AdWare.Win32.BookedSpace.a E:\misc\setupcdripper.exe/WISE0016.BIN/data0002
8/19/2008 11:48:00 PM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a E:\misc\setupcdripper.exe/WISE0016.BIN/data0002 Postponed
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v E:\misc\setupcdripper.exe/WISE0017.BIN/data0002
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a E:\misc\setupcdripper.exe/WISE0017.BIN/data0003
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.SaveNow.e E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Save.exe
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.SaveNow E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/19/2008 11:48:00 PM Detected: not-a-virus:AdWare.Win32.EZula.p E:\misc\setupcdripper.exe/WISE0036.BIN
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.Harmohol.a E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012
8/19/2008 11:51:21 PM Untreated: not-a-virus:AdWare.Win32.Harmohol.a E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012 Postponed
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/wbhshare.dll
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.WebHancer E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/Webhdll.dll
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/WhAgent.exe
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whiehlpr.dll
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whieshm.dll
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whInstaller.exe
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bg E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/SaveNow.exe
8/19/2008 11:51:21 PM Detected: not-a-virus:AdWare.Win32.SaveNow.au E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/Uninst.exe
8/19/2008 11:51:24 PM Detected: http://www.viruslist.com/en/advisories/27361 E:\sa-punog-c-diska\sa-starog-zip-disks\5\Real1\RealPlayer\realplay.exe
8/19/2008 11:51:42 PM Detected: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\04KDRLNF\cntr[1]/UPX
8/19/2008 11:51:44 PM Deleted: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\04KDRLNF\cntr[1]
8/19/2008 11:51:44 PM Detected: Heur.Trojan.Generic c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/19/2008 11:51:44 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb767887[1]/UPX
8/19/2008 11:51:44 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb767887[1]/UPX Skipped by user
8/19/2008 11:51:44 PM Detected: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\XDK4K9O6\cntr[1]/UPX
8/19/2008 11:51:44 PM Deleted: Trojan.Win32.Monder.fpp c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\XDK4K9O6\cntr[1]
8/19/2008 11:51:44 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\kb767887[1]
8/19/2008 11:51:44 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\2XCDIHAD\kb767887[1] Skipped by user
8/19/2008 11:51:44 PM Detected: Trojan.Win32.Monder.frx c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/19/2008 11:51:44 PM Deleted: Trojan.Win32.Monder.frx c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/19/2008 11:51:45 PM Detected: Heur.Trojan.Generic c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\GVRE3PL2\cntr[1]
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0011486.dll/UPX
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\a0011486.dll
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012306.dll/UPX
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012306.dll/UPX Skipped by user
8/19/2008 11:51:45 PM Detected: Heur.Trojan.Generic c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll
8/19/2008 11:51:45 PM Detected: Trojan-Downloader.Win32.FraudLoad.vbae c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012319.dll
8/19/2008 11:51:45 PM Deleted: Trojan-Downloader.Win32.FraudLoad.vbae c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012319.dll
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012357.dll/UPX
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monder.fpp c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\a0012357.dll
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012358.dll
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012358.dll Skipped by user
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012359.dll
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012359.dll
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monder.frx c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012360.dll
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monder.frx c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP118\A0012360.dll
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0012523.dll
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP121\A0012523.dll
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034645.dll/UPX
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034645.dll/UPX Skipped by user
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034646.dll/UPX
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034646.dll/UPX Skipped by user
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monderb.fho c:\VundoFix Backups\iifExXpq.dll.bad
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monderb.fho c:\VundoFix Backups\iifExXpq.dll.bad
8/19/2008 11:51:45 PM Detected: Trojan.Win32.Monder.fth c:\windows\system32\byXPGAtQ.dll
8/19/2008 11:51:45 PM Deleted: Trojan.Win32.Monder.fth c:\windows\system32\byXPGAtQ.dll
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\kpqhpfyb.dll/UPX
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\kpqhpfyb.dll/UPX Skipped by user
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\windows\system32\mxxtspik.dll
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqs c:\windows\system32\mxxtspik.dll Skipped by user
8/19/2008 11:51:45 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\ruraflvv.dll/UPX
8/19/2008 11:51:45 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\ruraflvv.dll/UPX Skipped by user
8/19/2008 11:51:45 PM Detected: Heur.Trojan.Generic c:\windows\system32\sagvwdwb.dll
8/19/2008 11:51:46 PM Detected: Heur.Trojan.Generic c:\windows\system32\tijbkupi.dll
8/19/2008 11:51:46 PM Detected: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\xpujukrl.dll/UPX
8/19/2008 11:51:46 PM Untreated: not-a-virus:AdWare.Win32.SuperJuan.cqn c:\windows\system32\xpujukrl.dll/UPX Skipped by user
8/19/2008 11:51:46 PM Detected: not-a-virus:AdWare.Win32.MyWay.ac E:\misc\freeripmp3.exe/data0012
8/19/2008 11:51:46 PM Untreated: not-a-virus:AdWare.Win32.MyWay.ac E:\misc\freeripmp3.exe/data0012 Skipped by user
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.MyWay.j E:\misc\RosoftCDExtractorFree.exe/data0012
8/19/2008 11:51:48 PM Untreated: not-a-virus:AdWare.Win32.MyWay.j E:\misc\RosoftCDExtractorFree.exe/data0012 Skipped by user
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.180Solutions E:\misc\RosoftCDExtractorFree.exe/data0015
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.BookedSpace.a E:\misc\setupcdripper.exe/WISE0016.BIN/data0002
8/19/2008 11:51:48 PM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a E:\misc\setupcdripper.exe/WISE0016.BIN/data0002 Skipped by user
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v E:\misc\setupcdripper.exe/WISE0017.BIN/data0002
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a E:\misc\setupcdripper.exe/WISE0017.BIN/data0003
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.SaveNow.e E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Save.exe
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.SaveNow E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/19/2008 11:51:48 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.EZula.p E:\misc\setupcdripper.exe/WISE0036.BIN
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.Harmohol.a E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012
8/19/2008 11:51:49 PM Untreated: not-a-virus:AdWare.Win32.Harmohol.a E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012 Skipped by user
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/wbhshare.dll
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.WebHancer E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/Webhdll.dll
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/WhAgent.exe
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whiehlpr.dll
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whieshm.dll
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whInstaller.exe
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bg E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/SaveNow.exe
8/19/2008 11:51:49 PM Detected: not-a-virus:AdWare.Win32.SaveNow.au E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/Uninst.exe
8/19/2008 11:51:49 PM Detected: Exploit.Java.Gimsh.a c:\Documents and Settings\Deca\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-4df0096a.zip/vmain.class
8/19/2008 11:51:49 PM Deleted: Exploit.Java.Gimsh.a c:\Documents and Settings\Deca\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-4df0096a.zip/vmain.class
8/19/2008 11:51:49 PM Detected: Trojan.Win32.Monderb.fim c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/#
8/19/2008 11:51:49 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/#
8/19/2008 11:51:49 PM Detected: Trojan.Win32.Monderb.fho c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe/#
8/19/2008 11:51:49 PM Detected: Heur.Invader c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/crack.exe
8/19/2008 11:51:49 PM Detected: Trojan-Downloader.Win32.Small.yrh c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/serial.exe
8/19/2008 11:51:49 PM Detected: Trojan-Downloader.Win32.Small.yxa c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/number.exe/PE_Patch.Upolyx/PE_Patch.UPX/UPX
8/19/2008 11:51:49 PM Detected: Trojan-Downloader.Win32.FraudLoad.vbaf c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\A0012341.exe/keygen.exe
8/19/2008 11:51:49 PM Deleted: Trojan-Downloader.Win32.FraudLoad.vbaf c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP117\a0012341.exe
8/19/2008 11:51:50 PM Task completed
Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
8/23/2008 12:26:12 AM Task started
8/23/2008 12:27:42 AM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
8/23/2008 12:29:20 AM Detected: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll
8/23/2008 12:29:20 AM Untreated: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll Postponed
8/23/2008 12:30:43 AM Detected: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034660.dll
8/23/2008 12:30:43 AM Untreated: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034660.dll Postponed
8/23/2008 12:30:43 AM Detected: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034659.dll
8/23/2008 12:30:43 AM Untreated: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034659.dll Postponed
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002
8/23/2008 12:35:20 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002 Postponed
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0002
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0003
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Save.exe
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.SaveNow E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/23/2008 12:35:20 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012
8/23/2008 12:35:20 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012 Postponed
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012
8/23/2008 12:35:21 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012 Postponed
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.EZula.p E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0036.BIN
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/wbhshare.dll
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.WebHancer E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/Webhdll.dll
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/WhAgent.exe
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whiehlpr.dll
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whieshm.dll
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whInstaller.exe
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/SaveNow.exe
8/23/2008 12:35:21 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/Uninst.exe
8/23/2008 12:35:25 AM Detected: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012
8/23/2008 12:35:25 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012 Postponed
8/23/2008 12:35:25 AM Detected: not-a-virus:AdWare.Win32.180Solutions E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0015
8/23/2008 12:47:29 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher2340\StagingArea\1313
8/23/2008 12:47:29 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher2340\StagingArea\1313.dll
8/23/2008 12:49:53 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher4380\StagingArea\4589
8/23/2008 12:49:53 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher4380\StagingArea\4589.dll
8/23/2008 12:51:58 AM Detected: Trojan.Win32.Monder.gge c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/23/2008 12:51:58 AM Untreated: Trojan.Win32.Monder.gge c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1] Postponed
8/23/2008 1:11:40 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\Flash9e.ocx
8/23/2008 1:11:49 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\java.exe
8/23/2008 1:11:49 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\javaws.exe
8/23/2008 1:13:00 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\swflash.ocx
8/23/2008 1:13:35 AM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
8/23/2008 1:15:24 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\program files\adobe\Adobe Bridge CS3\browser\plugins\NPSWF32.dll
8/23/2008 1:16:54 AM Detected: http://www.viruslist.com/en/advisories/25023 c:\program files\adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
8/23/2008 1:26:21 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\java.exe
8/23/2008 1:26:21 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\javaws.exe
8/23/2008 1:36:07 AM Detected: Trojan.Win32.Monder.gge c:\WINDOWS\system32\sagvwdwb.dll
8/23/2008 1:36:07 AM Untreated: Trojan.Win32.Monder.gge c:\WINDOWS\system32\sagvwdwb.dll Postponed
8/23/2008 1:36:10 AM Detected: Trojan.Win32.Monder.gge c:\WINDOWS\system32\tijbkupi.dll
8/23/2008 1:36:10 AM Untreated: Trojan.Win32.Monder.gge c:\WINDOWS\system32\tijbkupi.dll Postponed
8/23/2008 1:36:28 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
8/23/2008 1:36:29 AM Detected: http://www.viruslist.com/en/advisories/26027 c:\WINDOWS\system32\Macromed\Flash\flash.ocx
8/23/2008 2:17:32 AM Detected: http://www.viruslist.com/en/advisories/27361 E:\sa-punog-c-diska\sa-starog-zip-disks\5\Real1\RealPlayer\realplay.exe
8/23/2008 2:18:09 AM Detected: Trojan.Win32.Monder.gge c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/23/2008 2:18:09 AM Deleted: Trojan.Win32.Monder.gge c:\Documents and Settings\Branko\Local Settings\Temporary Internet Files\Content.IE5\6TCFAPSX\kb456456[1]
8/23/2008 2:18:09 AM Detected: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll
8/23/2008 2:18:09 AM Deleted: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP116\A0012307.dll
8/23/2008 2:18:09 AM Detected: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034659.dll
8/23/2008 2:18:09 AM Deleted: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034659.dll
8/23/2008 2:18:09 AM Detected: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034660.dll
8/23/2008 2:18:09 AM Deleted: Trojan.Win32.Monder.gge c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034660.dll
8/23/2008 2:18:10 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012
8/23/2008 2:18:10 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012 Skipped by user
8/23/2008 2:18:12 AM Detected: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012
8/23/2008 2:18:12 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012 Skipped by user
8/23/2008 2:18:12 AM Detected: not-a-virus:AdWare.Win32.180Solutions E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0015
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002
8/23/2008 2:18:13 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002 Skipped by user
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0002
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0003
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Save.exe
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.SaveNow E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/23/2008 2:18:13 AM Detected: not-a-virus:AdWare.Win32.EZula.p E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0036.BIN
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012
8/23/2008 2:18:14 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012 Skipped by user
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/wbhshare.dll
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.WebHancer E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/Webhdll.dll
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/WhAgent.exe
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whiehlpr.dll
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whieshm.dll
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whInstaller.exe
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/SaveNow.exe
8/23/2008 2:18:14 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/Uninst.exe
8/23/2008 2:18:14 AM Task completed
Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
8/30/2008 12:23:20 AM Task started
8/30/2008 12:25:35 AM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
8/30/2008 12:33:45 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002
8/30/2008 12:33:45 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002 Postponed
8/30/2008 12:33:45 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0002
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0003
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Save.exe
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012
8/30/2008 12:33:46 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012 Postponed
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.SaveNow E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012
8/30/2008 12:33:46 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012 Postponed
8/30/2008 12:33:46 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012
8/30/2008 12:33:46 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012 Postponed
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.180Solutions E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0015
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/wbhshare.dll
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.WebHancer E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/Webhdll.dll
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/WhAgent.exe
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whiehlpr.dll
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whieshm.dll
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whInstaller.exe
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/SaveNow.exe
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/Uninst.exe
8/30/2008 12:33:47 AM Detected: not-a-virus:AdWare.Win32.EZula.p E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0036.BIN
8/30/2008 12:46:13 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher2340\StagingArea\1313.dll
8/30/2008 12:46:14 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher2340\StagingArea\1313
8/30/2008 12:48:05 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher4380\StagingArea\4589
8/30/2008 12:48:05 AM Detected: http://www.viruslist.com/en/advisories/31549 c:\Documents and Settings\Branko\Local Settings\Temp\Patcher\Patcher4380\StagingArea\4589.dll
8/30/2008 1:04:44 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\Flash9e.ocx
8/30/2008 1:04:52 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\java.exe
8/30/2008 1:04:52 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\javaws.exe
8/30/2008 1:06:01 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\swflash.ocx
8/30/2008 1:06:31 AM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
8/30/2008 1:08:11 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\program files\adobe\Adobe Bridge CS3\browser\plugins\NPSWF32.dll
8/30/2008 1:09:22 AM Detected: http://www.viruslist.com/en/advisories/25023 c:\program files\adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
8/30/2008 1:16:08 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\java.exe
8/30/2008 1:16:08 AM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\javaws.exe
8/30/2008 1:25:38 AM Detected: http://www.viruslist.com/en/advisories/26027 c:\WINDOWS\system32\Macromed\Flash\flash.ocx
8/30/2008 1:25:38 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
8/30/2008 1:56:33 AM Detected: http://www.viruslist.com/en/advisories/27361 E:\sa-punog-c-diska\sa-starog-zip-disks\5\Real1\RealPlayer\realplay.exe
8/30/2008 2:08:55 AM Detected: http://www.viruslist.com/en/advisories/27620 G:\Program Files\realplay.exe
8/30/2008 2:09:12 AM Detected: http://www.viruslist.com/en/advisories/23483 G:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
8/30/2008 2:09:27 AM Detected: http://www.viruslist.com/en/advisories/25023 G:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
8/30/2008 2:12:44 AM Detected: http://www.viruslist.com/en/advisories/26725 G:\Program Files\iTunes\iTunes.exe
8/30/2008 2:15:30 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:15:34 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Postponed
8/30/2008 2:15:34 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\1\zipici-i-exe-ici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:15:35 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\1\zipici-i-exe-ici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Postponed
8/30/2008 2:15:38 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\2\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:15:39 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\2\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Postponed
8/30/2008 2:15:47 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012
8/30/2008 2:15:48 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012 Postponed
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/wbhshare.dll
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.WebHancer G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/Webhdll.dll
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/WhAgent.exe
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whiehlpr.dll
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whieshm.dll
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whInstaller.exe
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/SaveNow.exe
8/30/2008 2:15:48 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/Uninst.exe
8/30/2008 2:15:54 AM Detected: http://www.viruslist.com/en/advisories/27361 G:\sa-punog-c-diska\sa-starog-zip-disks\5\Real1\RealPlayer\realplay.exe
8/30/2008 2:18:47 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1a-downloads-desktop\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:18:47 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1a-downloads-desktop\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Postponed
8/30/2008 2:19:33 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1aa-za-prenos-sa-starog\1d-zadnje-od-01-16\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:19:34 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1aa-za-prenos-sa-starog\1d-zadnje-od-01-16\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Postponed
8/30/2008 2:22:10 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac G:\za-prenos-na-xps630i\misc\freeripmp3.exe/data0012
8/30/2008 2:22:11 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac G:\za-prenos-na-xps630i\misc\freeripmp3.exe/data0012 Postponed
8/30/2008 2:22:11 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0016.BIN/data0002
8/30/2008 2:22:12 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0016.BIN/data0002 Postponed
8/30/2008 2:22:12 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0017.BIN/data0002
8/30/2008 2:22:12 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0017.BIN/data0003
8/30/2008 2:22:12 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Save.exe
8/30/2008 2:22:12 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/30/2008 2:22:12 AM Detected: not-a-virus:AdWare.Win32.SaveNow G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/30/2008 2:22:12 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/30/2008 2:22:13 AM Detected: not-a-virus:AdWare.Win32.MyWay.j G:\za-prenos-na-xps630i\misc\RosoftCDExtractorFree.exe/data0012
8/30/2008 2:22:13 AM Detected: not-a-virus:AdWare.Win32.EZula.p G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0036.BIN
8/30/2008 2:22:16 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j G:\za-prenos-na-xps630i\misc\RosoftCDExtractorFree.exe/data0012 Postponed
8/30/2008 2:22:16 AM Detected: not-a-virus:AdWare.Win32.180Solutions G:\za-prenos-na-xps630i\misc\RosoftCDExtractorFree.exe/data0015
8/30/2008 2:24:35 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012
8/30/2008 2:24:35 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034664.exe/data0012 Skipped by user
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012
8/30/2008 2:24:37 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0012 Skipped by user
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.180Solutions E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034665.exe/data0015
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002
8/30/2008 2:24:37 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0016.BIN/data0002 Skipped by user
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0002
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0017.BIN/data0003
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Save.exe
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.SaveNow E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/30/2008 2:24:37 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.EZula.p E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034666.exe/WISE0036.BIN
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012
8/30/2008 2:24:38 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0012 Skipped by user
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/wbhshare.dll
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.WebHancer E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/Webhdll.dll
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/WhAgent.exe
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whiehlpr.dll
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whieshm.dll
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0015/whInstaller.exe
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/SaveNow.exe
8/30/2008 2:24:38 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP141\A0034667.EXE/data0016/Uninst.exe
8/30/2008 2:24:39 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:24:39 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Skipped by user
8/30/2008 2:24:39 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\1\zipici-i-exe-ici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:24:39 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\1\zipici-i-exe-ici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Skipped by user
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\2\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:24:40 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\sa-punog-c-diska\sa-starog-zip-disks\2\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Skipped by user
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012
8/30/2008 2:24:40 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0012 Skipped by user
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/wbhshare.dll
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.WebHancer G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/Webhdll.dll
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/WhAgent.exe
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whiehlpr.dll
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whieshm.dll
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0015/whInstaller.exe
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/SaveNow.exe
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE/data0016/Uninst.exe
8/30/2008 2:24:40 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1a-downloads-desktop\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:24:40 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1a-downloads-desktop\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Skipped by user
8/30/2008 2:24:41 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1aa-za-prenos-sa-starog\1d-zadnje-od-01-16\progs_to_do_archives\ZIPSET2.EXE/data/PECompact
8/30/2008 2:24:41 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\za-prenos-na-xps630i\1aa-za-prenos-sa-starog\1d-zadnje-od-01-16\progs_to_do_archives\ZIPSET2.EXE/data/PECompact Skipped by user
8/30/2008 2:24:42 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac G:\za-prenos-na-xps630i\misc\freeripmp3.exe/data0012
8/30/2008 2:24:42 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac G:\za-prenos-na-xps630i\misc\freeripmp3.exe/data0012 Skipped by user
8/30/2008 2:24:43 AM Detected: not-a-virus:AdWare.Win32.MyWay.j G:\za-prenos-na-xps630i\misc\RosoftCDExtractorFree.exe/data0012
8/30/2008 2:24:43 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j G:\za-prenos-na-xps630i\misc\RosoftCDExtractorFree.exe/data0012 Skipped by user
8/30/2008 2:24:43 AM Detected: not-a-virus:AdWare.Win32.180Solutions G:\za-prenos-na-xps630i\misc\RosoftCDExtractorFree.exe/data0015
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0016.BIN/data0002
8/30/2008 2:24:44 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0016.BIN/data0002 Skipped by user
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0017.BIN/data0002
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0017.BIN/data0003
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Save.exe
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.SaveNow G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
8/30/2008 2:24:44 AM Detected: not-a-virus:AdWare.Win32.EZula.p G:\za-prenos-na-xps630i\misc\setupcdripper.exe/WISE0036.BIN
8/30/2008 2:24:44 AM Task completed
Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
9/5/2008 9:30:42 PM Task completed
9/5/2008 9:30:21 PM Task started
Full Scan: completed 9/13/2008 1:23:40 AM (events: 163, objects: 1104371, time: 02:43:13)
9/12/2008 10:37:05 PM Task started
9/12/2008 10:37:53 PM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
9/12/2008 10:38:19 PM Task stopped
9/12/2008 10:40:27 PM Task started
9/12/2008 10:40:27 PM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
9/12/2008 10:54:18 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037165.EXE/data/PECompact
9/12/2008 10:54:18 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037167.EXE/data/PECompact
9/12/2008 10:54:19 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037167.EXE/data/PECompact Postponed
9/12/2008 10:54:19 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037165.EXE/data/PECompact Postponed
9/12/2008 10:54:19 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037166.EXE/data/PECompact
9/12/2008 10:54:19 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037166.EXE/data/PECompact Postponed
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037170.EXE/data/PECompact
9/12/2008 10:54:20 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037170.EXE/data/PECompact Postponed
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037169.EXE/data/PECompact
9/12/2008 10:54:20 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037169.EXE/data/PECompact Postponed
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0012
9/12/2008 10:54:20 PM Untreated: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0012 Postponed
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/wbhshare.dll
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.WebHancer G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/Webhdll.dll
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/WhAgent.exe
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/whiehlpr.dll
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/whieshm.dll
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/whInstaller.exe
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bg G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0016/SaveNow.exe
9/12/2008 10:54:20 PM Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0016/Uninst.exe
9/12/2008 10:54:22 PM Detected: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037171.exe/data0012
9/12/2008 10:54:22 PM Untreated: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037171.exe/data0012 Postponed
9/12/2008 10:54:22 PM Detected: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0016.BIN/data0002
9/12/2008 10:54:22 PM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0016.BIN/data0002 Postponed
9/12/2008 10:54:22 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0017.BIN/data0002
9/12/2008 10:54:22 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0017.BIN/data0003
9/12/2008 10:54:23 PM Detected: not-a-virus:AdWare.Win32.SaveNow.e G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/Save.exe
9/12/2008 10:54:23 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
9/12/2008 10:54:23 PM Detected: not-a-virus:AdWare.Win32.SaveNow G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
9/12/2008 10:54:23 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
9/12/2008 10:54:23 PM Detected: not-a-virus:AdWare.Win32.EZula.p G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0036.BIN
9/12/2008 10:54:23 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037302.EXE/data/PECompact
9/12/2008 10:54:23 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037302.EXE/data/PECompact Postponed
9/12/2008 10:54:24 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037303.EXE/data/PECompact
9/12/2008 10:54:24 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037304.EXE/data/PECompact
9/12/2008 10:54:24 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037303.EXE/data/PECompact Postponed
9/12/2008 10:54:24 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037304.EXE/data/PECompact Postponed
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037173.exe/data0012
9/12/2008 10:54:25 PM Untreated: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037173.exe/data0012 Postponed
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.180Solutions G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037173.exe/data0015
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0012
9/12/2008 10:54:25 PM Untreated: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0012 Postponed
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/wbhshare.dll
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.WebHancer G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/Webhdll.dll
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/WhAgent.exe
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/whiehlpr.dll
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/whieshm.dll
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/whInstaller.exe
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bg G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0016/SaveNow.exe
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037307.EXE/data/PECompact
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0016/Uninst.exe
9/12/2008 10:54:25 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037307.EXE/data/PECompact Postponed
9/12/2008 10:54:25 PM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037306.EXE/data/PECompact
9/12/2008 10:54:25 PM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037306.EXE/data/PECompact Postponed
9/12/2008 10:54:26 PM Detected: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037308.exe/data0012
9/12/2008 10:54:26 PM Untreated: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037308.exe/data0012 Postponed
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037309.exe/data0012
9/12/2008 10:54:28 PM Untreated: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037309.exe/data0012 Postponed
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.180Solutions G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037309.exe/data0015
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0016.BIN/data0002
9/12/2008 10:54:28 PM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0016.BIN/data0002 Postponed
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0017.BIN/data0002
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0017.BIN/data0003
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.SaveNow.e G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/Save.exe
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.SaveNow G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
9/12/2008 10:54:28 PM Detected: not-a-virus:AdWare.Win32.EZula.p G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0036.BIN
9/12/2008 11:33:08 PM Detected: Trojan.Win32.Monder.gen c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb671231[1]/UPX
9/12/2008 11:33:08 PM Untreated: Trojan.Win32.Monder.gen c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb671231[1]/UPX Postponed
9/12/2008 11:36:58 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\Flash9e.ocx
9/12/2008 11:37:21 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\java.exe
9/12/2008 11:37:21 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\i386\javaws.exe
9/12/2008 11:39:29 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\i386\swflash.ocx
9/12/2008 11:40:39 PM Detected: http://www.viruslist.com/en/advisories/23483 c:\program files\adobe\acrobat 6.0\acrobat\acrobat.exe
9/12/2008 11:44:13 PM Detected: http://www.viruslist.com/en/advisories/28083 c:\program files\adobe\Adobe Bridge CS3\browser\plugins\NPSWF32.dll
9/12/2008 11:46:50 PM Detected: http://www.viruslist.com/en/advisories/25023 c:\program files\adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
9/12/2008 11:59:22 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\java.exe
9/12/2008 11:59:22 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\program files\Java\jre1.5.0_06\bin\javaws.exe
9/13/2008 12:11:21 AM Detected: http://www.viruslist.com/en/advisories/26027 c:\WINDOWS\system32\Macromed\Flash\flash.ocx
9/13/2008 12:11:21 AM Detected: http://www.viruslist.com/en/advisories/28083 c:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
9/13/2008 12:43:54 AM Detected: http://www.viruslist.com/en/advisories/27361 E:\sa-punog-c-diska\sa-starog-zip-disks\5\Real1\RealPlayer\realplay.exe
9/13/2008 12:59:33 AM Detected: http://www.viruslist.com/en/advisories/27620 G:\Program Files\realplay.exe
9/13/2008 12:59:42 AM Detected: http://www.viruslist.com/en/advisories/23483 G:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
9/13/2008 1:00:41 AM Detected: http://www.viruslist.com/en/advisories/25023 G:\Program Files\Adobe\Adobe Photoshop CS2\Plug-Ins\File Formats\BMP.8BI
9/13/2008 1:03:59 AM Detected: http://www.viruslist.com/en/advisories/26725 G:\Program Files\iTunes\iTunes.exe
9/13/2008 1:08:54 AM Detected: http://www.viruslist.com/en/advisories/27361 G:\sa-punog-c-diska\sa-starog-zip-disks\5\Real1\RealPlayer\realplay.exe
9/13/2008 1:23:11 AM Detected: Trojan.Win32.Monder.gen c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb671231[1]/UPX
9/13/2008 1:23:14 AM Deleted: Trojan.Win32.Monder.gen c:\Documents and Settings\Stanka\Local Settings\Temporary Internet Files\Content.IE5\IJOLA5U7\kb671231[1]
9/13/2008 1:23:15 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037165.EXE/data/PECompact
9/13/2008 1:23:15 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037165.EXE/data/PECompact Skipped by user
9/13/2008 1:23:15 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037166.EXE/data/PECompact
9/13/2008 1:23:15 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037166.EXE/data/PECompact Skipped by user
9/13/2008 1:23:15 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037167.EXE/data/PECompact
9/13/2008 1:23:15 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037167.EXE/data/PECompact Skipped by user
9/13/2008 1:23:17 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0012
9/13/2008 1:23:18 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0012 Skipped by user
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/wbhshare.dll
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.WebHancer G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/Webhdll.dll
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/WhAgent.exe
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/whiehlpr.dll
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/whieshm.dll
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0015/whInstaller.exe
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0016/SaveNow.exe
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037168.EXE/data0016/Uninst.exe
9/13/2008 1:23:18 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037169.EXE/data/PECompact
9/13/2008 1:23:18 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037169.EXE/data/PECompact Skipped by user
9/13/2008 1:23:19 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037170.EXE/data/PECompact
9/13/2008 1:23:19 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037170.EXE/data/PECompact Skipped by user
9/13/2008 1:23:21 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037171.exe/data0012
9/13/2008 1:23:22 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037171.exe/data0012 Skipped by user
9/13/2008 1:23:23 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0016.BIN/data0002
9/13/2008 1:23:24 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0016.BIN/data0002 Skipped by user
9/13/2008 1:23:24 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0017.BIN/data0002
9/13/2008 1:23:24 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0017.BIN/data0003
9/13/2008 1:23:24 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/Save.exe
9/13/2008 1:23:24 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
9/13/2008 1:23:24 AM Detected: not-a-virus:AdWare.Win32.SaveNow G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
9/13/2008 1:23:24 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
9/13/2008 1:23:25 AM Detected: not-a-virus:AdWare.Win32.EZula.p G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037172.exe/WISE0036.BIN
9/13/2008 1:23:27 AM Detected: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037173.exe/data0012
9/13/2008 1:23:27 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037173.exe/data0012 Skipped by user
9/13/2008 1:23:27 AM Detected: not-a-virus:AdWare.Win32.180Solutions G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP152\A0037173.exe/data0015
9/13/2008 1:23:27 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037302.EXE/data/PECompact
9/13/2008 1:23:27 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037302.EXE/data/PECompact Skipped by user
9/13/2008 1:23:28 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037303.EXE/data/PECompact
9/13/2008 1:23:28 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037303.EXE/data/PECompact Skipped by user
9/13/2008 1:23:28 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037304.EXE/data/PECompact
9/13/2008 1:23:28 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037304.EXE/data/PECompact Skipped by user
9/13/2008 1:23:29 AM Detected: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0012
9/13/2008 1:23:31 AM Untreated: not-a-virus:AdWare.Win32.Harmohol.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0012 Skipped by user
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/wbhshare.dll
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.WebHancer G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/Webhdll.dll
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/WhAgent.exe
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/whiehlpr.dll
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/whieshm.dll
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.WebHancer.214 G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0015/whInstaller.exe
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bg G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0016/SaveNow.exe
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037305.EXE/data0016/Uninst.exe
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037306.EXE/data/PECompact
9/13/2008 1:23:31 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037306.EXE/data/PECompact Skipped by user
9/13/2008 1:23:31 AM Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037307.EXE/data/PECompact
9/13/2008 1:23:31 AM Untreated: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037307.EXE/data/PECompact Skipped by user
9/13/2008 1:23:33 AM Detected: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037308.exe/data0012
9/13/2008 1:23:35 AM Untreated: not-a-virus:AdWare.Win32.MyWay.ac G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037308.exe/data0012 Skipped by user
9/13/2008 1:23:36 AM Detected: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037309.exe/data0012
9/13/2008 1:23:37 AM Untreated: not-a-virus:AdWare.Win32.MyWay.j G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037309.exe/data0012 Skipped by user
9/13/2008 1:23:37 AM Detected: not-a-virus:AdWare.Win32.180Solutions G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037309.exe/data0015
9/13/2008 1:23:38 AM Detected: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0016.BIN/data0002
9/13/2008 1:23:39 AM Untreated: not-a-virus:AdWare.Win32.BookedSpace.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0016.BIN/data0002 Skipped by user
9/13/2008 1:23:39 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.v G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0017.BIN/data0002
9/13/2008 1:23:39 AM Detected: not-a-virus:AdWare.Win32.BargainBuddy.a G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0017.BIN/data0003
9/13/2008 1:23:39 AM Detected: not-a-virus:AdWare.Win32.SaveNow.e G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/Save.exe
9/13/2008 1:23:39 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/SaveUninst.exe
9/13/2008 1:23:39 AM Detected: not-a-virus:AdWare.Win32.SaveNow G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/Weather\Weather.exe
9/13/2008 1:23:39 AM Detected: not-a-virus:AdWare.Win32.SaveNow.bl G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0025.BIN/data0001.cab/Weather\Uninst.exe
9/13/2008 1:23:40 AM Detected: not-a-virus:AdWare.Win32.EZula.p G:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP155\A0037310.exe/WISE0036.BIN
9/13/2008 1:23:40 AM Task completed


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:00 AM, on 9/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Branko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O20 - Winlogon Notify: rqRHyYqo - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12211 bytes
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virumonde problem

Unread postby Axephilic » September 14th, 2008, 1:40 am

Hello branko,

Did you have any problems with the last set of instructions? It looks like some of the steps didn't work. Please post any errors that you encounter and let me know. :)

Please try to uninstall AVG again and please post the exact error message that you are getting so that I can research it and try to find a solution.

Run CCleaner
  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the Windows tab, leave the default options alone.
  4. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  5. Click on the Run Cleaner button at the bottom right hand corner.
  6. Close CCleaner.

    Note: You can use CCleaner on a regular basis, to keep your hard drive clean of temporary files and clutter. I recommend running it once a month.


Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    O2 - BHO: (no name) - {1DA7512B-CFEA-4BCD-BE6F-56D386A5D428} - (no file)
    O20 - Winlogon Notify: rqRHyYqo - C:\WINDOWS\
  • Close all open windows and click on Fix checked, and when you get a popup window click on Yes.


Fix registry entries

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

1. Backup Your Registry with ERUNT
  • Please download ERUNT from here.
  • Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERDNT.exe

2. Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes.


Run OTMoveIt2 by OldTimer
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
c:\windows\system32\biueng.dll
c:\windows\system32\radjlk.dll
c:\windows\system32\byXPGAtQ.dll
c:\windows\system32\kpqhpfyb.dll
c:\windows\system32\mxxtspik.dll
c:\windows\system32\ruraflvv.dll
c:\windows\system32\sagvwdwb.dll
c:\windows\system32\tijbkupi.dll
c:\windows\system32\xpujukrl.dll
E:\misc\freeripmp3.exe
E:\misc\RosoftCDExtractorFree.exe
E:\misc\setupcdripper.exe
E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE
G:\sa-punog-c-diska\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE
C:\VundoFix Backups


  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

In your next reply, please include:
  1. OTMoveIt log
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: virumonde problem

Unread postby branko » September 15th, 2008, 12:59 am

Hi Adam,

I did as you asked, see the logs below. When I try to uninstall AVG I get this message: "Something bad happened to application.
Error diagnostic file saved to.... " I am copying the avg8inst.err below and the logs you asked for follow.
My Firefox and Safari are still extremely slow. Also my Outlook takes a long time to download any embedded images, no major change
since we started.

Thanks much.
Branko

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:13:45

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:14:06

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:14:12

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:14:29

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:14:37

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:15:22

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/09/2008 22:15:37

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\DOCUME~1\Branko\LOCALS~1\Temp\7zS34B.tmp\avgsetup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\DOCUME~1\Branko\LOCALS~1\Temp\7zS34B.tmp\avgsetup.exe: 8.0.0.159
Exception Date: 09/12/2008 21:31:17

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\DOCUME~1\Branko\LOCALS~1\Temp\7zS34C.tmp\avgsetup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\DOCUME~1\Branko\LOCALS~1\Temp\7zS34C.tmp\avgsetup.exe: 8.0.0.159
Exception Date: 09/12/2008 21:31:52

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\DOCUME~1\Branko\LOCALS~1\Temp\7zS34D.tmp\avgsetup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\DOCUME~1\Branko\LOCALS~1\Temp\7zS34D.tmp\avgsetup.exe: 8.0.0.159
Exception Date: 09/12/2008 21:32:43

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp

//==<AVG-7.5>===================================================
Exception code: 80000003 BREAKPOINT
Fault address: 004DDFD9 01:000DCFD9 C:\Program Files\AVG\AVG8\setup.exe
Module Date: 08/05/2008 10:00:54
File Version of C:\Program Files\AVG\AVG8\setup.exe: 8.0.0.159
Exception Date: 09/14/2008 21:54:30

MiniDump Information Saved to C:\DOCUME~1\Branko\LOCALS~1\Temp\avg8inst.dmp



File/Folder c:\windows\system32\biueng.dll not found.
File/Folder c:\windows\system32\radjlk.dll not found.
File/Folder c:\windows\system32\byXPGAtQ.dll not found.
File/Folder c:\windows\system32\kpqhpfyb.dll not found.
File/Folder c:\windows\system32\mxxtspik.dll not found.
File/Folder c:\windows\system32\ruraflvv.dll not found.
File/Folder c:\windows\system32\sagvwdwb.dll not found.
File/Folder c:\windows\system32\tijbkupi.dll not found.
File/Folder c:\windows\system32\xpujukrl.dll not found.
File/Folder E:\misc\freeripmp3.exe not found.
File/Folder E:\misc\RosoftCDExtractorFree.exe not found.
File/Folder E:\misc\setupcdripper.exe not found.
File/Folder E:\sa-punog-c-diska\sa-starog-zip-disks\4\zipici-i-exe-ici\XPLUS.EXE not found.
File/Folder G:\sa-punog-c-diska\1a_stari_sa_desktopa\zipici\progs_to_do_archives\ZIPSET2.EXE not found.
C:\VundoFix Backups moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09142008_214815

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:29 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Branko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Stanka')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,dgdzsc.dll,ulluzs.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13119 bytes
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virumonde problem

Unread postby Axephilic » September 15th, 2008, 10:55 pm

Hello,

Fix registry entries

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

1. Backup Your Registry with ERUNT
  • Please download ERUNT from here.
  • Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERDNT.exe

2. Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\google\\google~2\\goec62~1.dll,c:\\progra~1\\kasper~1\\kasper~1\\mzvkbd.dll,c:\\progra~1\\kasper~1\\kasper~1\\mzvkbd3.dll,c:\\progra~1\\kasper~1\\kasper~1\\adialhk.dll,c:\\progra~1\\kasper~1\\kasper~1\\kloehk.dll,avgrsstx.dll C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"


Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes.


Panda Online Scanner
  1. Click here to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  2. Click on Scan your PC now.
  3. A new window will open.
  4. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select the "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." option.
  5. Click on Free online scan.
  6. You will be prompted to install an ActiveX. Please allow it.
  7. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  8. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  9. The scan will start. It takes a while, please be patient.
  10. Once done, click on View Report.
  11. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.


Please post the Panda Scan results and a new HijackThis log.

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
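
The two fix.reg listings posted in this thread differ in how backslashes are written: inside a quoted .reg string a literal backslash has to be written as \\, which the second listing does and the first does not. The sketch below is an added example, not something posted by the helper or produced by any tool named here. It parses REGEDIT4 text, flags unescaped backslashes and a first line that is not REGEDIT4, decodes the hex(7) value, and lists which AppInit_DLLs entries from the HijackThis O20 line the fix would drop. The function names are assumptions, and the sample fix.reg text is constructed from the values posted above.

```python
import re

WIN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# O20 line as reported by the HijackThis logs in this thread.
HJT_O20 = (
    r"O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,"
    r"dgdzsc.dll,ulluzs.dll,"
    r"c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,"
    r"c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,"
    r"c:\progra~1\kasper~1\kasper~1\adialhk.dll,"
    r"c:\progra~1\kasper~1\kasper~1\kloehk.dll,"
    r"avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
)
# Value the posted fix.reg sets: the same list without the two bare names.
WANTED = HJT_O20.split(": ", 1)[1].replace("dgdzsc.dll,ulluzs.dll,", "")


def make_fix(escaped):
    """Constructed fix.reg text. escaped=False writes single backslashes as in
    the first listing, escaped=True doubles them as in the second. The Lsa
    section (first listing only) is kept in both to exercise hex(7) decoding."""
    body = WANTED.replace("\\", "\\\\") if escaped else WANTED
    return "\n".join([
        "REGEDIT4", "",
        f"[{WIN_KEY}]", f'"AppInit_DLLs"="{body}"', "",
        f"[{LSA_KEY}]",
        '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00', ""])


def unescape(s):
    """Undo .reg string escaping; count backslashes that escape nothing."""
    out, bad, i = [], 0, 0
    while i < len(s):
        if s[i] == "\\":
            if i + 1 < len(s) and s[i + 1] in '\\"':
                out.append(s[i + 1])
                i += 2
                continue
            bad += 1  # lone backslash: keep it, but report it
        out.append(s[i])
        i += 1
    return "".join(out), bad


def parse_reg4(text):
    """Return ({(key, name): data}, [problems]) for REGEDIT4 text."""
    values, problems = {}, []
    lines = text.splitlines()
    if not lines or lines[0] != "REGEDIT4":
        problems.append("first line is not REGEDIT4")
    key = None
    for n, line in enumerate(lines[1:], start=2):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or key is None:
            problems.append(f"line {n}: not a value under a key")
            continue
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            data, bad = unescape(raw[1:-1])
            if bad:
                problems.append(f'line {n}: "{name}" has unescaped backslashes')
        elif raw.startswith("hex(7):"):
            # REG_MULTI_SZ; REGEDIT4 stores it as single-byte characters,
            # strings separated by NUL and the list closed by an extra NUL.
            blob = bytes(int(b, 16) for b in raw[7:].split(",") if b)
            data = [s for s in blob.decode("latin-1").split("\x00") if s]
        else:
            data = raw  # other value types are kept as written
        values[(key, name)] = data
    return values, problems


def split_appinit(value):
    """AppInit_DLLs entries are separated by spaces or commas."""
    return [e.lower() for e in re.split(r"[ ,]+", value.strip()) if e]


def removed_by_fix(hjt_line, reg_text):
    """Entries present in the HijackThis O20 line but absent from the fix."""
    current = split_appinit(hjt_line.split("AppInit_DLLs:", 1)[1])
    values, problems = parse_reg4(reg_text)
    wanted = split_appinit(values[(WIN_KEY, "AppInit_DLLs")])
    return [e for e in current if e not in wanted], problems


if __name__ == "__main__":
    for escaped in (False, True):
        removed, problems = removed_by_fix(HJT_O20, make_fix(escaped))
        print("escaped" if escaped else "unescaped", removed, problems)
```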

Re: virumonde problem

Unread postby branko » September 17th, 2008, 1:06 am

Hi Adam,


Panda ran differently than what you described, I guess they changed the free online version. Anyway I copied
the results from their browser window after the scan ran and am posting it here.

Thanks.
Branko

Threats with free disinfection (1)
Low danger level (1) W97M/Ethan.BE Virus Latent Hide + Info
1. personal folders\razno\bekup-in-boxa\april 6 ... on yugoslavia, sjsu\forumapril.doc


Only available for registered users.
Register free - I'm registered
Threats disinfected with the paid version (2)
Low danger level (2) Application/My... Tracking Application Latent Hide + Info
1. G:\System Volume Information\_restore{46DE892...E9-64119261F211}\RP155\A0037308.exe
2. G:\System Volume Information\_restore{46DE892...E9-64119261F211}\RP152\A0037171.exe

Application/Pr... Tracking Application Latent Hide + Info
1. C:\Documents and Settings\Branko\Desktop\630i...es-sa desktopa\VirtumundoBeGone.exe


Only available in paid version.
Buy - I am a client

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:51 PM, on 9/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Branko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Citrix\GoToAssist\514\G2AProcessFactory.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1080501
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ALServ] "C:\Program Files\Altec Lansing\AMS\ALServ.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Stanka')
O4 - HKUS\S-1-5-21-647942345-1826879831-843577932-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Stanka')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2594377500
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13222 bytes
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virumonde problem

by Axephilic » September 18th, 2008, 9:18 pm

Hello,

You still need to remove AVG. I am going to refer you to the AVG forums for official support. Please post your problem with uninstalling, with the exact error message, in the most appropriate forum here. I'm sure they will be able to help you with getting it uninstalled. It is VERY important that you get this uninstalled, because it can cause your system to become unstable and even crash. It also could be one of the causes of your computer running slowly.

You can also refer to this tutorial: http://www.malwareremoval.com/tutorials ... slowly.php. It should help speed up your computer. :)

Please open up Outlook/Outlook Express and find the email containing forumapril.doc. Delete this email, this includes deleting it from the Deleted Items folder.

  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Documents and Settings\Branko\Desktop\VirtumundoBeGone.exe /s
    C:\Documents and Settings\Branko\Desktop\RSIT.exe
    C:\rsit
    

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

    Please make sure you stop and let me know if you encounter any problems with this! :)
  • Click the red Moveit! button.
  • Click the CleanUp! button.
  • When it prompts you to Restart, click Yes.


  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if found):

    J2SE Runtime Environment 5.0 Update 6

Now you can close Add/Remove Programs.

Hide system files

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Do not show hidden files and folders.
  6. Check (tick) Hide extensions of known file types.
  7. Check (tick) Hide protected operating system files (Recommended).
  8. Click OK.
  9. Close My Computer.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Congratulations! You are now all clean! To help prevent becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and Office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Stop malicious scripts

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.


    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  3. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
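
The Hosts-file blocking described in the post above, as an added example that is not part of the original post or of any tool it names: a Python script that audits the text of a Hosts file, listing the names sunk to a loopback address and flagging names mapped to any other address for review, since a Hosts entry is consulted before DNS. The sample file, its `.example` domains and the function names are constructed for illustration; treating 0.0.0.0 the same as 127.0.0.1 is an assumption.

```python
import ipaddress

# Constructed sample input; the domains use the reserved .example name
# and do not come from any real blocklist.
SAMPLE_HOSTS = """\
# Sample blocking Hosts file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.tracker.example  banners.tracker.example   # ad servers
127.0.0.1       spyware-site.example
0.0.0.0         popups.example
203.0.113.7     www.mybank.example    # not loopback: overrides DNS
not-an-ip       broken.example
192.0.2.10
"""

# Names that legitimately point at the local machine and are not "blocked".
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields       # first field is not an IP address
            continue
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify Hosts entries as blocked, redirected, or malformed."""
    report = {"blocked": set(), "redirects": [], "malformed": []}
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:           # bad address, or address with no name
            report["malformed"].append(line_no)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].add(name)   # sunk to 127.0.0.1 (or 0.0.0.0)
            else:
                # The name resolves to an address chosen by the file, not by
                # DNS: worth confirming that the owner put it there.
                report["redirects"].append((line_no, name, str(ip)))
    return report


def lookup(report, host):
    """Say what the audited Hosts file does to one hostname."""
    host = host.lower()
    if host in report["blocked"]:
        return "blocked"
    for _, name, ip in report["redirects"]:
        if name == host:
            return "redirected to " + ip
    return "not listed"


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(result["blocked"]))
    print("review :", result["redirects"])
    print("bad lines:", result["malformed"])
```
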

Re: virumonde problem

by branko » September 21st, 2008, 2:22 am

Adam,

Thank you for the help. Today browsers are back at their usual speed!

You directed me to this : Please open up Outlook/Outlook Express and find the email containing forumapril.doc. Delete this email, this includes deleting it from the Deleted Items folder.

I could not find that email and that file, even if I searched for it, so I did not delete it. Do you have more data on it, locations wise?

Also, I tried uninstalling Kaspersky also, since I want to revert to my original Trend Micro PC-cillin, but I could not uninstall Kaspersky as well;
it is complaining that it cannot stop the services. Is there a Kaspersky forum you could direct me to?


Again, thanks much.
Branko
branko
Regular Member
 
Posts: 44
Joined: September 6th, 2008, 9:01 pm

Re: virumonde problem

by Axephilic » September 22nd, 2008, 10:02 pm

Hello,

It may be that the bad email was deleted but they have not compacted their Personal Folders file - this means that the email is still there but no longer shown in Outlook. To remove all deleted items from the file and reclaim the disk space you should compact the PF file by following the steps under To Manually Start OST Compaction here:
http://support.microsoft.com/kb/291645

Kaspersky's forum is located here - http://forum.kaspersky.com/

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: virumonde problem

by Axephilic » September 26th, 2008, 9:25 pm

Hi,

It's been a while since your last response. If you don't reply within 24 hours, this topic will be closed.

Thanks,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US