Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think I have viruses :S

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think I have viruses :S

Unread postby crunchy1991 » May 15th, 2009, 8:52 am

Man my net is very slow it wasnt like this before. Mozilla Firefox is crashing randomly and accounts from forums are stolen from me :S Man 100% this keylogger viruses thing. Can someone help fix my computer???? I tried many scanners never find virus but im telling you this computer is not in shape like it used to be since few days... Please help remove this nasty viruses
HiJackthis logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:29, on 15.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4024750750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1697059625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 3773 bytes
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am
Advertisement
Register to Remove

Re: I think I have viruses :S

Unread postby MWR 3 day Mod » May 18th, 2009, 9:59 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I think I have viruses :S

Unread postby peku006 » May 19th, 2009, 1:28 am

Hello and welcome to Malware Removal

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • I f you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

2 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: I think I have viruses :S

Unread postby crunchy1991 » May 19th, 2009, 5:00 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by cika at 2009-05-19 10:42:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (19%) free of 75 GB
Total RAM: 2559 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:48, on 19.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\cika\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\cika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 79.110.86.230 board.ogame.org
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4024750750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1697059625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9d6e793718690) (gupdate1c9d6e793718690) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 5092 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\cika\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\cikatemp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-05-19 10:42:28 ----D---- C:\rsit
2009-05-17 14:06:25 ----D---- C:\Documents and Settings\cika\Application Data\Google
2009-05-17 14:03:58 ----D---- C:\Program Files\Google
2009-05-14 00:23:48 ----D---- C:\WINDOWS\ie8updates
2009-05-11 20:09:01 ----SHD---- C:\RECYCLER
2009-05-11 20:02:44 ----D---- C:\WINDOWS\temp
2009-05-07 02:58:30 ----D---- C:\Program Files\Secunia
2009-05-07 02:18:15 ----A---- C:\WINDOWS\Eurobattle.net Installer Uninstall Log.txt
2009-05-07 02:16:07 ----D---- C:\Documents and Settings\cika\Application Data\GRETECH
2009-05-07 02:15:52 ----D---- C:\Program Files\GRETECH
2009-05-05 23:53:59 ----D---- C:\Program Files\Avira
2009-05-05 23:53:59 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-05-05 12:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968006-v2$
2009-05-05 12:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-05 12:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-05 12:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-05 12:33:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-05 12:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-05 12:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-05 12:32:31 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-05-05 12:30:17 ----HDC---- C:\WINDOWS\ie8
2009-05-02 11:19:43 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-02 11:19:43 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-02 11:19:43 ----A---- C:\WINDOWS\system32\java.exe
2009-05-01 20:13:50 ----D---- C:\Program Files\Microsoft
2009-05-01 20:13:09 ----D---- C:\Program Files\Windows Live
2009-05-01 20:06:43 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-28 22:12:16 ----A---- C:\WINDOWS\system32\WING.DLL
2009-04-21 08:39:07 ----D---- C:\Documents and Settings\cikaApplication Data\Apple Computer

======List of files/folders modified in the last 1 months======

2009-05-19 10:36:06 ----D---- C:\Program Files\Mozilla Firefox
2009-05-19 10:36:01 ----D---- C:\WINDOWS\Prefetch
2009-05-19 10:01:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-19 07:21:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-19 07:21:29 ----D---- C:\Documents and Settings\cika\Application Data\foobar2000
2009-05-18 21:42:29 ----D---- C:\Program Files\Garena
2009-05-18 20:27:33 ----D---- C:\WINDOWS\system32
2009-05-18 17:45:12 ----D---- C:\Program Files\PowerArchiver
2009-05-18 16:19:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-18 15:44:41 ----D---- C:\WINDOWS
2009-05-18 15:36:46 ----SHD---- C:\WINDOWS\Installer
2009-05-18 15:36:46 ----SHD---- C:\Config.Msi
2009-05-18 15:36:21 ----D---- C:\WINDOWS\system32\drivers
2009-05-18 15:36:03 ----HD---- C:\WINDOWS\inf
2009-05-18 15:35:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-18 15:34:24 ----RD---- C:\Program Files
2009-05-18 15:34:24 ----D---- C:\Program Files\Common Files
2009-05-17 19:39:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-17 19:27:16 ----D---- C:\Documents and Settings\cika\Application Data\Adobe
2009-05-17 14:19:51 ----SD---- C:\WINDOWS\Tasks
2009-05-15 20:57:08 ----RSD---- C:\WINDOWS\assembly
2009-05-15 18:17:48 ----D---- C:\Documents and Settings\cika\Application Data\mIRC
2009-05-15 18:16:31 ----D---- C:\Program Files\mIRC
2009-05-14 00:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-14 00:23:56 ----D---- C:\Program Files\Internet Explorer
2009-05-14 00:23:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-13 21:26:14 ----D---- C:\FF
2009-05-13 14:51:00 ----SHD---- C:\System Volume Information
2009-05-13 14:51:00 ----D---- C:\WINDOWS\system32\Restore
2009-05-11 21:29:26 ----D---- C:\Documents and Settings\cika\Application Data\OnlineArmor
2009-05-11 20:00:23 ----A---- C:\WINDOWS\system.ini
2009-05-11 19:59:37 ----D---- C:\WINDOWS\AppPatch
2009-05-10 18:15:39 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-08 23:33:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-07 14:17:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-05-07 14:03:15 ----D---- C:\Program Files\Foxit Software
2009-05-07 02:19:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-06 20:44:03 ----D---- C:\cika_clown
2009-05-05 23:51:44 ----D---- C:\WINDOWS\WinSxS
2009-05-05 12:38:08 ----D---- C:\WINDOWS\system32\wbem
2009-05-05 12:38:08 ----D---- C:\WINDOWS\system32\en-US
2009-05-05 12:38:08 ----D---- C:\WINDOWS\Media
2009-05-05 12:38:07 ----D---- C:\WINDOWS\Help
2009-05-05 12:37:05 ----A---- C:\WINDOWS\imsins.BAK
2009-05-02 11:19:31 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-01 20:13:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-29 20:10:25 ----D---- C:\Program Files\dW3gParser
2009-04-28 22:12:16 ----D---- C:\WINDOWS\system
2009-04-28 17:46:35 ----SD---- C:\Documents and Settings\cika\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-04-23 818496]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender8\filespy.sys []
S2 REGSpy;REGSpy; \??\C:\Program Files\Softwin\BitDefender8\regspy.sys []
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 mbr;mbr; \??\C:\DOCUME~1\CIKALOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\10F.tmp []
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 cdawdm;CDAWDM; C:\WINDOWS\system32\DRIVERS\CDAWDM.sys []
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2008-09-29 133632]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-11-26 1402568]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-10-08 150064]
S2 gupdate1c9d6e793718690;Google Update Service (gupdate1c9d6e793718690); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-29 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-11-26 3321032]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-05-19 10:42:51

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
CA AllFusion ERwin Data Modeler r7-->MsiExec.exe /I{35CCF862-10B8-4436-B8C6-5FC84A5F645E}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
foobar2000 v0.9.6-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB955535)-->"C:\WINDOWS\$NtUninstallKB955535$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB959252)-->"C:\WINDOWS\$NtUninstallKB959252$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB968006-v2)-->"C:\WINDOWS\$NtUninstallKB968006-v2$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 3.8.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{A4512736-8D63-4298-9271-5329931FA46B}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Online Armor 3.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerArchiver 2007-->MsiExec.exe /I{D0F210C9-64C5-41C6-8882-A111C6C49911}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955704)-->"C:\WINDOWS\$NtUninstallKB955704$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX-->D:\Program Files\VentriloMIX\Uninstal.exe
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
Warcraft III 1.22 Patch-->C:\Program Files\InstallShield Installation Information\{983CE4AE-052A-4AD6-92ED-177DFC85DAE5}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

=====HijackThis Backups=====

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2008-04-01]
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto [2008-04-06]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2008-04-06]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [2008-04-06]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2008-04-06]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-04-14]
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore [2008-05-28]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2008-06-04]
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-13]
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-06-18]
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe" [2008-06-21]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-07-09]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2008-07-21]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 [2008-08-22]
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\cika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2008-09-02]
O4 - HKLM\..\Run: [w3dr.exe] D:\Games\Warcraft III\w3dr.exe [2008-09-05]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-09-06]
O20 - AppInit_DLLs: sockspy.dll [2008-09-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2008-09-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2008-09-06]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-09-06]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2008-10-09]
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe [2008-10-13]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-10-14]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-10-14]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2008-10-14]
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-10-20]
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-10-31]
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-31]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2008-11-05]
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-11-06]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2008-11-27]
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [2008-11-27]
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [2008-11-27]
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [2008-11-27]
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [2008-11-27]
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2008-11-27]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2008-11-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-11-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2008-11-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2008-11-27]
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing) [2008-11-27]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-02]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-02]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-02]
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing) [2008-12-02]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing) [2008-12-02]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-03]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2008-12-03]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing) [2008-12-03]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll [2008-12-03]
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll [2008-12-03]
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-12-10]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-12-10]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL [2008-12-31]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 [2008-12-31]
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2008-12-31]
O4 - HKLM\..\Policies\Explorer\Run: [ ] # [2008-12-31]
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-12-31]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [2008-12-31]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2008-12-31]
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2008-12-31]
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2009-01-07]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-01-07]
O4 - Startup: is-7MEC9.lnk = C:\Program Files\Virus Removal Tool\is-7MEC9\startup.exe [2009-01-19]
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab [2009-01-24]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-24]
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-24]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-24]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-24]
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab [2009-01-24]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-24]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2818851843 [2009-01-24]
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2009-02-03]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-26]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-26]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-26]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [2009-04-18]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-02]
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-05-02]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-05-02]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-02]
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-05-08]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-05-08]

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 www.0scan.com

======Security center information======

AV: AntiVir Desktop
FW: Online Armor Firewall (disabled)

======System event log======

Computer Name: N-73D1E0D2CA5D4
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000B6A42ECA6. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 38849
Source Name: Dhcp
Time Written: 20090415125037.000000+120
Event Type: warning
User:

Computer Name: N-73D1E0D2CA5D4
Event Code: 1002
Message: The IP address lease 192.168.1.2 for the Network Card with network address 000B6A42ECA6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 38843
Source Name: Dhcp
Time Written: 20090415092840.000000+120
Event Type: error
User:

Computer Name: N-73D1E0D2CA5D4
Event Code: 1002
Message: The IP address lease 192.168.1.2 for the Network Card with network address 000B6A42ECA6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 38836
Source Name: Dhcp
Time Written: 20090415083250.000000+120
Event Type: error
User:

Computer Name: N-73D1E0D2CA5D4
Event Code: 7000
Message: The REGSpy service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 38820
Source Name: Service Control Manager
Time Written: 20090415083041.000000+120
Event Type: error
User:

Computer Name: N-73D1E0D2CA5D4
Event Code: 7000
Message: The FILESpy service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 38819
Source Name: Service Control Manager
Time Written: 20090415083041.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: N-73D1E0D2CA5D4
Event Code: 4113
Message: AntiVir has detected 'HEUR/HTML.Malware'
in the file
C:\Documents and Settings\cika\Desktop\cas 07.html

Record Number: 18153
Source Name: Avira AntiVir
Time Written: 20090420162400.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: N-73D1E0D2CA5D4
Event Code: 4113
Message: AntiVir has detected 'HEUR/HTML.Malware'
in the file
C:\Documents and Settings\cika\Desktop\cas 07.html

Record Number: 18152
Source Name: Avira AntiVir
Time Written: 20090420162342.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: N-73D1E0D2CA5D4
Event Code: 4113
Message: AntiVir has detected 'HEUR/HTML.Malware'
in the file
C:\Documents and Settings\cika\Desktop\cas 07.html

Record Number: 18151
Source Name: Avira AntiVir
Time Written: 20090420162341.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: N-73D1E0D2CA5D4
Event Code: 4113
Message: AntiVir has detected 'HEUR/HTML.Malware'
in the file
C:\Documents and Settings\cika\Desktop\cas 06.html

Record Number: 18150
Source Name: Avira AntiVir
Time Written: 20090420162308.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: N-73D1E0D2CA5D4
Event Code: 4113
Message: AntiVir has detected 'HEUR/HTML.Malware'
in the file
C:\Documents and Settings\cikaDesktop\cas 06.html

Record Number: 18149
Source Name: Avira AntiVir
Time Written: 20090420162307.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Microsoft SQL Server\90\Tools\binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am

Re: I think I have viruses :S

Unread postby peku006 » May 19th, 2009, 7:19 am

Hi crunchy1991

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: I think I have viruses :S

Unread postby crunchy1991 » May 19th, 2009, 1:18 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 19, 2009 12:27:45
Records in database: 2196013
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 139687
Threat name: 172
Infected objects: 246
Suspicious objects: 6
Duration of the scan: 03:08:06


File name / Threat name / Threats count
C:\Documents and Settings\cika\Desktop\faks sve\inf\5\cas 05.html Infected: Trojan-Clicker.HTML.IFrame.aga 1
C:\Documents and Settings\cika\Desktop\faks sve\inf\6\cas 06.html Infected: Trojan-Clicker.HTML.IFrame.aga 1
C:\Documents and Settings\cika\Desktop\faks sve\inf\7\cas 07.html Infected: Trojan-Clicker.HTML.IFrame.aga 1
C:\Documents and Settings\cika\Desktop\faks sve\inf\IT_Pred_5.zip Infected: Trojan-Clicker.HTML.IFrame.aga 1
C:\Documents and Settings\cika\Desktop\faks sve\inf\IT_pred_6.zip Infected: Trojan-Clicker.HTML.IFrame.aga 1
C:\Documents and Settings\cika\Desktop\faks sve\inf\IT_pred_7.zip Infected: Trojan-Clicker.HTML.IFrame.aga 1
C:\Documents and Settings\cika\Desktop\somfi\Exploit_Code_-_Decoded-Final.txt Infected: Trojan-Downloader.JS.Iframe.sx 1
C:\Documents and Settings\cika\Desktop\somfi\Exploit_Code_-_Decoded_PT1.txt Infected: Trojan-Downloader.JS.Iframe.sy 1
C:\Documents and Settings\cika\Desktop\somfi\Exploit_Code_-_Original.txt Infected: Trojan-Downloader.JS.Iframe.sz 1
C:\Documents and Settings\cika\Desktop\somfi\Hack_Kit.rar Infected: not-a-virus:NetTool.Win32.Delf.d 1
C:\Documents and Settings\cika\Desktop\somfi\Hack_Kit.rar Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\Documents and Settings\cika\Desktop\somfi\install_flash_player.zip Infected: Trojan.Win32.Agent.afkw 1
C:\Documents and Settings\cika\Desktop\somfi\Lurker.rar Infected: Trojan-PSW.Win32.Delf.dak 1
C:\Documents and Settings\cika\Desktop\somfi\Lurker.rar Infected: Trojan-PSW.Win32.Delf.dbi 1
C:\Documents and Settings\cika\Desktop\somfi\rokits.rar Infected: Flooder.Win32.VB.ft 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAT.Revenge 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAT.IBBM.generic 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSWord.Tech.g 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.BAT.Generic 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.Alcaul.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.Win32.SendExe 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Alcaul.m 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.MSWord.NTVCK 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Alcaul.ag 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.BAT.Baatezu 4
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.VBS.Chu.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Alcaul 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSWord.Intruded.d 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Alcaul.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Petik 3
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Suspicious: Email-Worm.VBS.generic 4
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Alcaul.n 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Petik 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSWord.PPack 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.MSWord.NWXPG 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.BAT.HaltWin.e 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.BAT.Spth.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.VBS.WCGen 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.Enerlam.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.IRC.Generic 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSWord.Chester 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.WinREG.Sptohell.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.VBS.Craytron 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.MSWord.Blackput 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Perl.Nirvana 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.DOS.Formater.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.BAT.Verocha 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.VBS.Jerm.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Merkur.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Alcaul.t 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.VBS.Clown.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.Egolet.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.MSWord.MVCKA 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAT.Br 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.PHP.Rabow 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.PHP.Feast.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: VirTool.BAT.Brng.23 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Cassa 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.DOS.Phant 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.MSWord.Turmol 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAT.Spth.Checker.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.BAT.HaltWin.f 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Sinop 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.HTML.Fpumb 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSWord.Intruded 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.BAT.KillAV.ae 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Crock 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAT.Teepoly 3
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: P2P-Worm.BAT.Copybat.ad 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan-Dropper.BAT.Dmenu.l 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: VirTool.Win32.Biweaver 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.Win32.NAVM.c 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.Win32.NWWF 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: VirTool.Win32.Pepatcher.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.Win32.Worgen.a 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan-Downloader.Win32.Small.abn 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Ganym.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Jabbit.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Marius.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Rakid.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Menuet.Tristesse.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Menuet.Xymo.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: P2P-Worm.Win32.VB.cf 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan-Downloader.Win32.VB.ex 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Ruby.Pydoxon.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.HLLP.Nilob 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.Zaka.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Scaline.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.HLLC.Novelce.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.HLLC.Novelce.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.HLLC.Novelce.c 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.Arrow.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.NGVCK.gen 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Backdoor.Win32.VB.ago 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Drefir.c 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.JS.Macar.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Macar.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Macar.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Macar.c 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Suspicious: Type_Script 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Backdoor.Win32.IRCBot.sn 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Backdoor.Win32.IRCBot.tr 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.Win32.Small.jb 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.Win32.Tutiam.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Drefir.d 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Drefir.f 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Worm.Win32.Agent.d 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Luder.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Luder.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.LoveLetter.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.Win32.Mixor.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: P2P-Worm.MSIL.Small.e 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSIL.Small.h 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.Win32.Delf.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Backdoor.Win32.Delf.alg 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.Win32.Small.p 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Multi.Bi.a 5
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.MSWord.Czimoz.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: P2P-Worm.Win32.Cayen.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.StarOffice.Stardust.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan-Downloader.Win32.Tiny.dr 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Matlab.Xic.b 4
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Matlab.Xic.a 29
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Matlab.Gabol.a 3
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: P2P-Worm.MSIL.Lupar.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.MSIL.Letum.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.Win32.Agent.un 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.Win32.Icabdi.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: P2P-Worm.MSH.Skowor.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Worm.Win32.Small.j 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Worm.PHP.Sorobor.a 7
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.Win32.DFSG 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.BAT.Delwin.h 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAT.Limi.c 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.VBS.Sdan.b 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Suspicious: Type_Macro 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.MSOffice.Source 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.BAT.Eversaw 3
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.BAT.HaltWin.d 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Email-Worm.BAT.Calhob 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.VBS.Valium.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.Win32.CWG.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Virus.BAS.Xyc 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: IRC-Worm.BAT.Phile.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.DOS.BWG.503 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Constructor.DOS.BWG.501.a 2
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: EICAR-Test-File 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: VirTool.BAT.Nihi.a 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.BAT.Krebs 1
C:\Documents and Settings\cika\Desktop\somfi\rrlf_bestof.zip Infected: Trojan.DOS.Snooby 1
C:\Documents and Settings\cika\Desktop\somfi\Various_Artists-Todays_Top1.mp3.zip Infected: Trojan-Downloader.Win32.Zlob.acik 1
C:\Documents and Settings\cika\Desktop\somfi\win32( od usbto).zip Infected: Backdoor.Win32.Agent.qfc 1
C:\Documents and Settings\cika\Desktop\somfi\WindowsOptimizer.zip Infected: Trojan.Win32.VB.nys 1
C:\Documents and Settings\cika\Desktop\molver\4chan Auto Poster.zip Infected: Trojan-Downloader.Win32.Agent.akwa 1
C:\Documents and Settings\cika\Desktop\molver\7ECE82E4d01.zip Infected: Trojan-Clicker.HTML.IFrame.aem 1
C:\Documents and Settings\cika\Desktop\molver\Emma Watson totally nude with girlfriend in a bath.zip Infected: Trojan-Downloader.Win32.Agent.bsgr 1
C:\Documents and Settings\cika\Desktop\molver\inferno(od method za mirc.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
C:\Documents and Settings\cika\Desktop\molver\KKFV1.5.0.rar Infected: HackTool.MSIL.KKFinder.v 1
C:\Documents and Settings\cika\Desktop\molver\nc.zip Infected: not-a-virus:RemoteAdmin.Win32.NetCat.jd 1
C:\Documents and Settings\cika\Desktop\molver\PICT00002.zip Infected: Trojan.Win32.AntiAV.aaf 1
C:\Documents and Settings\cika\Desktop\molver\sysdate(na ace virusot).zip Infected: Trojan.Win32.Pakes.mas 1
C:\Documents and Settings\cika\Desktop\molver\tdss.zip Infected: Backdoor.Win32.TDSS.bkt 1
C:\Documents and Settings\cika\Desktop\molver\teencum.zip Infected: Trojan-Downloader.Win32.Agent.bsgr 1
C:\Documents and Settings\cika\Desktop\molver\Video.rar Infected: Trojan.Win32.Monder.afwk 1
C:\Documents and Settings\cika\Desktop\molver\vundo sine.zip Infected: Backdoor.Win32.Hupigon.ckzs 2
C:\Documents and Settings\cika\Desktop\bvip\msn bots\Live_Bot_1.0\msnlive.dat Infected: Trojan-Spy.Win32.BZub.fjp 2
C:\Documents and Settings\cika\Desktop\bvip\msn bots\Yahoo Booter!.rar Infected: Trojan-Spy.Win32.BZub.fjp 2
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:Monitor.Win32.Perflogger.ad 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:Monitor.Win32.Perflogger.cl 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:Monitor.Win32.Perflogger.ca 2
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:Monitor.Win32.Perflogger.df 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:Monitor.Win32.Perflogger.fq 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:Monitor.Win32.Perflogger.cb 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:PSWTool.Win32.Dialupass.an 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:PSWTool.Win32.MailPassView.130 1
C:\Documents and Settings\cika\Desktop\bvip\Password_hacker__.rar Infected: not-a-virus:PSWTool.Win32.NetScaPass.a 1
C:\Documents and Settings\cika\Desktop\bvip\VEX(ventrilo flooder).zip Infected: Trojan.Win32.Obfuscated.qti 1
C:\Documents and Settings\cika\Desktop\programista\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asv 1
C:\Documents and Settings\cika\Desktop\programista\OTMoveIt3.zip Infected: Backdoor.Win32.SubSeven.asv 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:31, on 19.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4024750750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1697059625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9d6e793718690) (gupdate1c9d6e793718690) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 3589 bytes
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am

Re: I think I have viruses :S

Unread postby peku006 » May 19th, 2009, 2:16 pm

Hi crunchy1991

have you downloaded this rrlf_bestof.zip ?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: I think I have viruses :S

Unread postby crunchy1991 » May 19th, 2009, 2:49 pm

yp
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am

Re: I think I have viruses :S

Unread postby peku006 » May 19th, 2009, 4:12 pm

Hi crunchy1991

I do not understand why you did it ,what is the reason :scratch:
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: I think I have viruses :S

Unread postby crunchy1991 » May 19th, 2009, 5:50 pm

some time ago i was very interested in viruses and stuff so i stumped upon a website which owners were ex malware writers or something and they've uploaded all of their "precious" work. so i downloaded in case i get very curious about it. dunt get me wrong its not like i wanted to write viruses lol just wanted to know how they work.

but it's a rar, they are not active, you should know that Image

i have some other super hidden infection, i'm sure!
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am

Re: I think I have viruses :S

Unread postby peku006 » May 20th, 2009, 1:36 pm

Hello crunchy1991

I'd like you to read the this thread

I notice that you have some cracks/keygens on your computer. The policy of this forum is that no one who is found to have pirated or cracked software on their computer will be helped on this forum. So posters who use pirated software and cracks do not engender a lot of sympathy. You likely got infected by using cracked software or visiting crack sites, as you have said.

ChrisRLG(this websites's creator) said:

ChrisRLG wrote:Bank robbers get out of the bank after stealing some money, jump in the getaway car, and around the corner, they run into a road block and are carted off to the Judge.

The Robbers are convicted of stealing in one of its forms and the driver of the getaway car is convicted of 'Aiding and Abetting' the robbers in their crime.


Therefore, We are in a similar position to that driver of that getaway car; if we assist a criminal (the person who is breaking the law) with his crime, we are then Aiding and Abetting that crime.

Sorry, I would love to help you clean your computer, But stealing software is illegal and something that I don't take lightly. This thread will be closed. Please don't start a new thread until you have decided to stop using cracked software and remove it from your computer.
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: I think I have viruses :S

Unread postby crunchy1991 » May 20th, 2009, 1:48 pm

cracked software? what cracked software????
you find excuses becuz you cant diagnose the infect, you could at least be honest with me

all the software that i have on my computer is legally BOUGHT.(confirmed with my dad)

adobe products, fraps etc
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am

Re: I think I have viruses :S

Unread postby peku006 » May 20th, 2009, 2:21 pm

you have downloaded hacks, key generators, etc. now your system is infected with trojans and rootkits. I have no sympathy. This site does not support the use of illegal/pirated/hacked software
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: I think I have viruses :S

Unread postby crunchy1991 » May 20th, 2009, 3:14 pm

dude i didnt even extracted that rar... it was long time ago + i didnt download anything else
crunchy1991
Banned Member
 
Posts: 9
Joined: May 15th, 2009, 8:47 am

Re: I think I have viruses :S

Unread postby Gary R » May 22nd, 2009, 3:11 pm

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware