Welcome to MalwareRemoval.com

Need your help

Post by espirit » November 4th, 2010, 9:26 am

I followed the rules about XP users and here are the results:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:11:58, on 04.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvtubesearch.co/?tmp=toolbar_Fl ... 9d6f803c92
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.taazu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=mnv&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.myway.com/menusearch.jhtml ... 2010070910
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\windows\system32\shdocvw.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.107.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: QueryBrowser Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser111.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9027 bytes



THIS IS THE UNINSTALL LIST
µTorrent
ABBYY FineReader 6.0 Sprint
Acer ePowerManagement
acer Wireless LAN
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Advanced SystemCare 3
ALTools Update
Atheros Client Installation Program
Broadcom 440x 10/100 Integrated Controller
Chinese Simplified Fonts Support For Adobe Reader 9
Chinese Traditional Fonts Support For Adobe Reader 9
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Download Accelerator Plus (DAP)
ECA vrt-disk 2005 patch
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX110_TX110 Прирачник
EPSON SX110 Series Printer Uninstall
EPSON Web-To-Page
Free Image Converter
Free Video Converter V 1.0
FullScreen Photo Viewer 1.9
Gerbtool
Google Earth
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageConverter Plus 8.0
Intel(R) Extreme Graphics 2 Driver
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.15)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multisim 8
Nero 6 Ultra Edition
Nero Media Player
NeroMIX
NeroVision Express 2
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia PC Suite
Nokia PC Suite
Nokia_Multimedia_Common_Components_2_5
NVIDIA Drivers
Opera 10.53
PC Connectivity Solution
Photo DVD Slideshow Pro 8.08
PhotoMail Maker
PhotoMail Maker
RealPlayer
RealUpgrade 1.0
RemoveIT Pro v7 (Trial)
save2pc Pro 3.25
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 4.2
SoftV92 Data Fax Modem with SmartCP
Stb Xml Signature
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Total Video Converter 3.71 100812
Ultiboard 8
Ultiroute 8
UnHackMe 5.99 release
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
vrt-disk 2005
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm

Re: Need your help

Post by askey127 » November 7th, 2010, 11:09 am

Hi espirit,
Sorry for the delay. If you still need help and are not receiving it elsewhere, please proceed as follows:
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program utorrent in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Limewire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
µTorrent
Advanced SystemCare 3
Download Accelerator Plus (DAP)

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.myway.com/menusearch.jhtml ... 2010070910
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\windows\system32\shdocvw.dll (HKCU)

If your Internet Provider is NOT in Macedonia, please check this line also:
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.107.2

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
-----------------------------------------------
Install, Update, Scan with Antivir
Double click the Avira AntiVir installer on your desktop, install the program, have it update itself, and run a full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
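The triage askey127 applies to the log above follows a few repeatable rules: R3/O2/O3 registrations whose backing file is "(no file)" are orphaned CLSIDs left behind by removed adware, an O9 button registered under the all-zero CLSID is not a legitimate add-on, and an O17 NameServer value is only trustworthy if it belongs to the user's own ISP. The following script is an added example written for this thread, not code from MalwareRemoval.com or from HijackThis. It parses HJT entry lines and returns a list of findings. The sample lines are a subset copied from the log espirit posted; the expected-resolver list is an assumption the caller has to supply (the documentation range 192.0.2.0/24 stands in below for an ISP whose resolvers are known, and 85.30.107.0/24 models the "your provider is in Macedonia" case askey127 mentions).

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread; not code from MalwareRemoval.com or from
HijackThis. It applies the rules the helper used above:
  1. R3/O2/O3 registrations whose backing file is "(no file)" (orphans)
  2. O9 extra buttons registered under the all-zero CLSID
  3. O17 NameServer values outside the resolvers the user expects
The expected-resolver set is an assumption supplied by the caller.
"""
import ipaddress
import re
from dataclasses import dataclass

# An HJT entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
_LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
_GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
_NULL_GUID = "00000000-0000-0000-0000-000000000000"
_NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9., ]+)$")

# Constructed sample: a subset of the log espirit posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O3 - Toolbar: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\windows\system32\shdocvw.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.107.2
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
""".strip()


@dataclass(frozen=True)
class Finding:
    code: str     # HJT section code, e.g. "O17"
    reason: str   # why the triage rule fired
    line: str     # the original log line


def parse_line(line):
    """Return (code, body) for an HJT entry line, or None for other text."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    return m.group("code"), m.group("body")


def _unexpected_nameservers(body, allowed):
    """Yield NameServer values in an O17 body that are not inside `allowed`."""
    m = _NAMESERVER_RE.search(body)
    if m is None:
        return
    for text in re.split(r"[ ,]+", m.group("servers").strip()):
        if not text:
            continue
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:
            yield text          # an unparsable value deserves a look too
            continue
        if not any(ip in net for net in allowed):
            yield str(ip)


def triage(lines, expected_nameservers):
    """Run the three rules over HJT lines and return a list of Finding.

    expected_nameservers: iterable of IPv4 addresses or CIDR networks the
    machine's DNS settings may legitimately point to (an assumption about
    the user's ISP that the caller has to supply).
    """
    allowed = [ipaddress.ip_network(n) for n in expected_nameservers]
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        if code in ("R3", "O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(code, "registration points at (no file)", raw))
        elif code == "O9":
            g = _GUID_RE.search(body)
            if g and g.group(1).lower() == _NULL_GUID:
                findings.append(Finding(code, "extra button uses the all-zero CLSID", raw))
        elif code == "O17":
            bad = list(_unexpected_nameservers(body, allowed))
            if bad:
                findings.append(Finding(code, "NameServer outside expected resolvers: " + ", ".join(bad), raw))
    return findings


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range standing in for "the ISP's resolvers".
    for f in triage(SAMPLE_LOG.splitlines(), ["192.0.2.0/24"]):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run as-is, the script flags the two orphaned "(no file)" hooks, the orphaned toolbar, the all-zero-CLSID button and the 85.30.107.2 resolver; passing `["85.30.107.0/24"]` instead drops the O17 finding, which is exactly the caveat askey127 raises: a NameServer line is evidence of DNS redirection only when the address is not the user's own provider, so the allow-list has to come from the user, never from the log itself.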

Re: Need your help

Post by espirit » November 8th, 2010, 12:54 pm

Hi askey127,

Thanks for your help. I've done every step you told me and here are the contents of the Avira report:



Avira AntiVir Personal
Report file date: понеделник, 08 ноември 2010 13:53

Scanning for 3022070 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : User
Computer name : SANJA

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 09.08.2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02.08.2010 15:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01.04.2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 02.08.2010 15:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 15:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 15:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 15:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 11:55:10
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 11:55:20
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 11:55:20
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 11:55:20
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 11:55:20
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 11:55:20
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 11:55:21
VBASE015.VDF : 7.10.13.148 2048 Bytes 07.11.2010 11:55:21
VBASE016.VDF : 7.10.13.149 2048 Bytes 07.11.2010 11:55:21
VBASE017.VDF : 7.10.13.150 2048 Bytes 07.11.2010 11:55:21
VBASE018.VDF : 7.10.13.151 2048 Bytes 07.11.2010 11:55:21
VBASE019.VDF : 7.10.13.152 2048 Bytes 07.11.2010 11:55:21
VBASE020.VDF : 7.10.13.153 2048 Bytes 07.11.2010 11:55:21
VBASE021.VDF : 7.10.13.154 2048 Bytes 07.11.2010 11:55:22
VBASE022.VDF : 7.10.13.155 2048 Bytes 07.11.2010 11:55:22
VBASE023.VDF : 7.10.13.156 2048 Bytes 07.11.2010 11:55:22
VBASE024.VDF : 7.10.13.157 2048 Bytes 07.11.2010 11:55:22
VBASE025.VDF : 7.10.13.158 2048 Bytes 07.11.2010 11:55:22
VBASE026.VDF : 7.10.13.159 2048 Bytes 07.11.2010 11:55:22
VBASE027.VDF : 7.10.13.160 2048 Bytes 07.11.2010 11:55:22
VBASE028.VDF : 7.10.13.161 2048 Bytes 07.11.2010 11:55:22
VBASE029.VDF : 7.10.13.162 2048 Bytes 07.11.2010 11:55:22
VBASE030.VDF : 7.10.13.163 2048 Bytes 07.11.2010 11:55:22
VBASE031.VDF : 7.10.13.164 2048 Bytes 07.11.2010 11:55:22
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 02.08.2010 15:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 08.11.2010 11:55:35
AESCN.DLL : 8.1.6.1 127347 Bytes 02.08.2010 15:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 02.08.2010 15:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 08.11.2010 11:55:33
AEPACK.DLL : 8.2.3.11 471416 Bytes 08.11.2010 11:55:32
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 02.08.2010 15:09:52
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 08.11.2010 11:55:31
AEHELP.DLL : 8.1.14.0 246134 Bytes 08.11.2010 11:55:25
AEGEN.DLL : 8.1.3.24 401781 Bytes 08.11.2010 11:55:25
AEEMU.DLL : 8.1.2.0 393588 Bytes 02.08.2010 15:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 08.11.2010 11:55:24
AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02.08.2010 15:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 02.08.2010 15:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 02.08.2010 15:10:08

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: понеделник, 08 ноември 2010 13:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hackmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'EPM-DM.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
The registry was scanned ( '427' files ).


Starting the file scan:

Begin scan in 'C:\' <WIN XP>
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WP6P9ZVG\upgrade[1].cab
[0] Archive type: CAB (Microsoft)
[DETECTION] Is the TR/BHO.Zwangi.3677 Trojan
--> upgrade.exe
[DETECTION] Is the TR/BHO.Zwangi.3677 Trojan
--> [UnknownDir]/querybrowser.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.58163245.41 back-door program
C:\Documents and Settings\User\Desktop\GEOFAZMA\NOVI SEMI\install_install_flash_player_1.exe.dap
[DETECTION] Contains recognition pattern of the VBS/StartPage.N.26 VBS script virus
C:\Documents and Settings\User\Desktop\Veronika\Jeff Buckley\Rare & Live Tracks\Tweflth of Never.wma
[WARNING] The file could not be read!
C:\Documents and Settings\User\Local Settings\Temp\jar_cache6397776213338709290.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
C:\Documents and Settings\User\My Documents\Downloads\install_install_flash_player.exe
[DETECTION] Contains recognition pattern of the VBS/StartPage.N.26 VBS script virus
C:\Documents and Settings\User\My Documents\Downloads\prevx-free-malware-scanner-3.0.5.50.exe
[DETECTION] Is the TR/Buzus.etnb.35 Trojan
C:\Program Files\FDRLab\save2pc\save2pc.exe
[DETECTION] Is the TR/Dldr.Adload.sga Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: The device is not ready.

Beginning disinfection:
C:\Program Files\FDRLab\save2pc\save2pc.exe
[DETECTION] Is the TR/Dldr.Adload.sga Trojan
[NOTE] The file was moved to the quarantine directory under the name '47a9a8d2.qua'.
C:\Documents and Settings\User\My Documents\Downloads\prevx-free-malware-scanner-3.0.5.50.exe
[DETECTION] Is the TR/Buzus.etnb.35 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f4d8767.qua'.
C:\Documents and Settings\User\My Documents\Downloads\install_install_flash_player.exe
[DETECTION] Contains recognition pattern of the VBS/StartPage.N.26 VBS script virus
[NOTE] The file was moved to the quarantine directory under the name '0d64dd8b.qua'.
C:\Documents and Settings\User\Local Settings\Temp\jar_cache6397776213338709290.tmp
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
[NOTE] The file was moved to the quarantine directory under the name '6b52925c.qua'.
C:\Documents and Settings\User\Desktop\GEOFAZMA\NOVI SEMI\install_install_flash_player_1.exe.dap
[DETECTION] Contains recognition pattern of the VBS/StartPage.N.26 VBS script virus
[NOTE] The file was moved to the quarantine directory under the name '2ed7bf77.qua'.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WP6P9ZVG\upgrade[1].cab
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.58163245.41 back-door program
[NOTE] The file was moved to the quarantine directory under the name '51b88d10.qua'.


End of the scan: понеделник, 08 ноември 2010 15:40
Used time: 1:46:24 Hour(s)

The scan has been done completely.

10945 Scanned directories
282345 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
282336 Files not concerned
3171 Archives were scanned
3 Warnings
6 Notes

THIS IS FROM THE SECOND SCAN:

Avira AntiVir Personal
Report file date: понеделник, 08 ноември 2010 16:12

Scanning for 3022070 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : User
Computer name : SANJA

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 09.08.2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02.08.2010 15:09:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01.04.2010 12:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 02.08.2010 15:10:00
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.02.2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 17:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 16:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 11:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 15:10:03
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 15:10:04
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 15:10:06
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 11:55:10
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 11:55:20
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 11:55:20
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 11:55:20
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 11:55:20
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 11:55:20
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 11:55:21
VBASE015.VDF : 7.10.13.148 2048 Bytes 07.11.2010 11:55:21
VBASE016.VDF : 7.10.13.149 2048 Bytes 07.11.2010 11:55:21
VBASE017.VDF : 7.10.13.150 2048 Bytes 07.11.2010 11:55:21
VBASE018.VDF : 7.10.13.151 2048 Bytes 07.11.2010 11:55:21
VBASE019.VDF : 7.10.13.152 2048 Bytes 07.11.2010 11:55:21
VBASE020.VDF : 7.10.13.153 2048 Bytes 07.11.2010 11:55:21
VBASE021.VDF : 7.10.13.154 2048 Bytes 07.11.2010 11:55:22
VBASE022.VDF : 7.10.13.155 2048 Bytes 07.11.2010 11:55:22
VBASE023.VDF : 7.10.13.156 2048 Bytes 07.11.2010 11:55:22
VBASE024.VDF : 7.10.13.157 2048 Bytes 07.11.2010 11:55:22
VBASE025.VDF : 7.10.13.158 2048 Bytes 07.11.2010 11:55:22
VBASE026.VDF : 7.10.13.159 2048 Bytes 07.11.2010 11:55:22
VBASE027.VDF : 7.10.13.160 2048 Bytes 07.11.2010 11:55:22
VBASE028.VDF : 7.10.13.161 2048 Bytes 07.11.2010 11:55:22
VBASE029.VDF : 7.10.13.162 2048 Bytes 07.11.2010 11:55:22
VBASE030.VDF : 7.10.13.163 2048 Bytes 07.11.2010 11:55:22
VBASE031.VDF : 7.10.13.164 2048 Bytes 07.11.2010 11:55:22
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 02.08.2010 15:09:54
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 08.11.2010 11:55:35
AESCN.DLL : 8.1.6.1 127347 Bytes 02.08.2010 15:09:53
AESBX.DLL : 8.1.3.1 254324 Bytes 02.08.2010 15:09:53
AERDL.DLL : 8.1.9.2 635252 Bytes 08.11.2010 11:55:33
AEPACK.DLL : 8.2.3.11 471416 Bytes 08.11.2010 11:55:32
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 02.08.2010 15:09:52
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 08.11.2010 11:55:31
AEHELP.DLL : 8.1.14.0 246134 Bytes 08.11.2010 11:55:25
AEGEN.DLL : 8.1.3.24 401781 Bytes 08.11.2010 11:55:25
AEEMU.DLL : 8.1.2.0 393588 Bytes 02.08.2010 15:09:49
AECORE.DLL : 8.1.17.0 196982 Bytes 08.11.2010 11:55:24
AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:55
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02.08.2010 15:09:56
AVARKT.DLL : 10.0.0.14 227176 Bytes 02.08.2010 15:09:54
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:55
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 02.08.2010 15:10:08

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: понеделник, 08 ноември 2010 16:12

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1078081533-583907252-1417001333-1003\Software\Microsoft\Protected Storage System Provider\S-1-5-21-1078081533-583907252-1417001333-1003\data
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '61' Module(s) have been scanned
Scan process 'firefox.exe' - '100' Module(s) have been scanned
Scan process 'dllhost.exe' - '51' Module(s) have been scanned
Scan process 'dllhost.exe' - '42' Module(s) have been scanned
Scan process 'vssvc.exe' - '36' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'sched.exe' - '53' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'hackmon.exe' - '41' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'hkcmd.exe' - '30' Module(s) have been scanned
Scan process 'igfxtray.exe' - '27' Module(s) have been scanned
Scan process 'realsched.exe' - '27' Module(s) have been scanned
Scan process 'wuauclt.exe' - '36' Module(s) have been scanned
Scan process 'EPM-DM.exe' - '24' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'mdm.exe' - '18' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'acs.exe' - '34' Module(s) have been scanned
Scan process 'spoolsv.exe' - '59' Module(s) have been scanned
Scan process 'Explorer.EXE' - '147' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '51' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
The registry was scanned ( '427' files ).


Starting the file scan:

Begin scan in 'C:' <WIN XP>
C:\Documents and Settings\User\Desktop\Veronika\Jeff Buckley\Rare & Live Tracks\Tweflth of Never.wma
[WARNING] The file could not be read!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: понеделник, 08 ноември 2010 17:34
Used time: 1:21:54 Hour(s)

The scan has been done completely.

10946 Scanned directories
283741 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
283739 Files not concerned
3162 Archives were scanned
3 Warnings
0 Notes
466186 Objects were scanned with rootkit scan
1 Hidden objects were found

So I hope we'll stay in touch and you'll guide me till the end. Thanks again,
Regards, Espirit
espirit
Active Member
Posts: 12
Joined: November 2nd, 2010, 8:41 pm

Re: Need your help

Unread postby askey127 » November 8th, 2010, 2:08 pm

Espirit,
Good. It is clear that you DID need to have an antivirus program.
Antivir will give you one "nag" screen popup each day, but you can just click "OK".
It is free and it has good capability to detect and remove potentially harmful files.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need your help

Unread postby espirit » November 9th, 2010, 12:14 pm

Hey askey127,

Here are the contents of the file: TDSSKiller.2.4.7.0_09.11.2010_17.07.30_log


2010/11/09 17:07:30.0443 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/09 17:07:30.0443 ================================================================================
2010/11/09 17:07:30.0443 SystemInfo:
2010/11/09 17:07:30.0443
2010/11/09 17:07:30.0443 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/09 17:07:30.0443 Product type: Workstation
2010/11/09 17:07:30.0443 ComputerName: SANJA
2010/11/09 17:07:30.0443 UserName: User
2010/11/09 17:07:30.0443 Windows directory: C:\windows
2010/11/09 17:07:30.0443 System windows directory: C:\windows
2010/11/09 17:07:30.0443 Processor architecture: Intel x86
2010/11/09 17:07:30.0443 Number of processors: 1
2010/11/09 17:07:30.0443 Page size: 0x1000
2010/11/09 17:07:30.0443 Boot type: Normal boot
2010/11/09 17:07:30.0443 ================================================================================
2010/11/09 17:07:30.0693 Initialize success
2010/11/09 17:07:56.0510 ================================================================================
2010/11/09 17:07:56.0510 Scan started
2010/11/09 17:07:56.0510 Mode: Manual;
2010/11/09 17:07:56.0510 ================================================================================
2010/11/09 17:07:56.0931 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
2010/11/09 17:07:56.0981 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\DRIVERS\ACPIEC.sys
2010/11/09 17:07:57.0091 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
2010/11/09 17:07:57.0191 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\windows\system32\DRIVERS\AegisP.sys
2010/11/09 17:07:57.0251 AFD (4d43e74f2a1239d53929b82600f1971c) C:\windows\System32\drivers\afd.sys
2010/11/09 17:07:57.0622 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
2010/11/09 17:07:57.0682 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
2010/11/09 17:07:57.0752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
2010/11/09 17:07:57.0822 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
2010/11/09 17:07:57.0952 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/09 17:07:58.0093 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\windows\system32\DRIVERS\avgntflt.sys
2010/11/09 17:07:58.0183 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\windows\system32\DRIVERS\avipbb.sys
2010/11/09 17:07:58.0283 b57w2k (8143be3d94866258f0b93373830cef01) C:\windows\system32\DRIVERS\b57xp32.sys
2010/11/09 17:07:58.0363 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\windows\system32\DRIVERS\bcm4sbxp.sys
2010/11/09 17:07:58.0443 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
2010/11/09 17:07:58.0523 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\windows\system32\DRIVERS\BthEnum.sys
2010/11/09 17:07:58.0613 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\windows\system32\DRIVERS\bthmodem.sys
2010/11/09 17:07:58.0663 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\windows\system32\DRIVERS\bthpan.sys
2010/11/09 17:07:58.0754 BTHPORT (51d05d5a8a7d93ab0b1a8d6a38db3ca4) C:\windows\system32\Drivers\BTHport.sys
2010/11/09 17:07:58.0944 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\windows\system32\Drivers\BTHUSB.sys
2010/11/09 17:07:59.0064 CAMCAUD (5a94e9d6e2716e38183959d8f4c2a5a9) C:\windows\system32\drivers\camcaud.sys
2010/11/09 17:07:59.0124 CAMCHALA (e7e737bc125d6beb50669ff4b61ced19) C:\windows\system32\drivers\camchal.sys
2010/11/09 17:07:59.0204 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
2010/11/09 17:07:59.0284 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
2010/11/09 17:07:59.0364 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
2010/11/09 17:07:59.0425 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
2010/11/09 17:07:59.0515 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\windows\system32\drivers\cdrbsdrv.sys
2010/11/09 17:07:59.0715 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
2010/11/09 17:07:59.0845 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys
2010/11/09 17:08:00.0045 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
2010/11/09 17:08:00.0266 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
2010/11/09 17:08:00.0436 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\DRIVERS\dmio.sys
2010/11/09 17:08:00.0486 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
2010/11/09 17:08:00.0556 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
2010/11/09 17:08:00.0706 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
2010/11/09 17:08:00.0797 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\windows\system32\drivers\epm-psd.sys
2010/11/09 17:08:00.0837 EpmShd (88a8301b73670f89054a33fc7d291eff) C:\windows\system32\drivers\epm-shd.sys
2010/11/09 17:08:00.0977 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
2010/11/09 17:08:01.0097 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\drivers\Fdc.sys
2010/11/09 17:08:01.0147 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
2010/11/09 17:08:01.0187 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
2010/11/09 17:08:01.0247 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys
2010/11/09 17:08:01.0357 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
2010/11/09 17:08:01.0397 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
2010/11/09 17:08:01.0518 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
2010/11/09 17:08:01.0598 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
2010/11/09 17:08:01.0678 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\windows\system32\DRIVERS\hidbth.sys
2010/11/09 17:08:01.0748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
2010/11/09 17:08:01.0908 HSFHWICH (eecf0c3b62040f26c62b6579794c702e) C:\windows\system32\DRIVERS\HSFHWICH.sys
2010/11/09 17:08:02.0048 HSF_DP (4683b5d9566b8653d4580c407c8d0fbc) C:\windows\system32\DRIVERS\HSF_DP.sys
2010/11/09 17:08:02.0148 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
2010/11/09 17:08:02.0329 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys
2010/11/09 17:08:02.0449 ialm (da58a8be6a445835f603720c4bc8837e) C:\windows\system32\DRIVERS\ialmnt5.sys
2010/11/09 17:08:02.0599 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
2010/11/09 17:08:02.0739 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\windows\system32\DRIVERS\intelide.sys
2010/11/09 17:08:02.0779 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys
2010/11/09 17:08:02.0829 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys
2010/11/09 17:08:02.0900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
2010/11/09 17:08:02.0950 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
2010/11/09 17:08:03.0040 IPN2220 (eadcbd84f788d887e73d8c7691b2c508) C:\windows\system32\DRIVERS\i2220ntx.sys
2010/11/09 17:08:03.0130 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
2010/11/09 17:08:03.0210 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
2010/11/09 17:08:03.0400 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\windows\system32\DRIVERS\irda.sys
2010/11/09 17:08:03.0470 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
2010/11/09 17:08:03.0550 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\windows\system32\DRIVERS\irsir.sys
2010/11/09 17:08:03.0631 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
2010/11/09 17:08:03.0711 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
2010/11/09 17:08:03.0791 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys
2010/11/09 17:08:03.0901 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
2010/11/09 17:08:03.0961 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
2010/11/09 17:08:04.0111 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\windows\system32\DRIVERS\mdmxsdk.sys
2010/11/09 17:08:04.0352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
2010/11/09 17:08:04.0392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
2010/11/09 17:08:04.0432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
2010/11/09 17:08:04.0502 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
2010/11/09 17:08:04.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
2010/11/09 17:08:04.0672 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
2010/11/09 17:08:04.0732 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys
2010/11/09 17:08:04.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
2010/11/09 17:08:04.0882 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
2010/11/09 17:08:04.0932 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
2010/11/09 17:08:04.0962 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
2010/11/09 17:08:05.0073 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
2010/11/09 17:08:05.0123 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
2010/11/09 17:08:05.0163 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys
2010/11/09 17:08:05.0223 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
2010/11/09 17:08:05.0263 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
2010/11/09 17:08:05.0303 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
2010/11/09 17:08:05.0363 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
2010/11/09 17:08:05.0403 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
2010/11/09 17:08:05.0443 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
2010/11/09 17:08:05.0533 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys
2010/11/09 17:08:05.0563 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
2010/11/09 17:08:05.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
2010/11/09 17:08:06.0024 nmwcd (28e36e677849174c910faaead3e60e9e) C:\windows\system32\drivers\ccdcmb.sys
2010/11/09 17:08:06.0064 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\windows\system32\drivers\ccdcmbo.sys
2010/11/09 17:08:06.0134 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
2010/11/09 17:08:06.0204 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
2010/11/09 17:08:06.0354 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
2010/11/09 17:08:06.0645 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\windows\system32\DRIVERS\nv4_mini.sys
2010/11/09 17:08:06.0755 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
2010/11/09 17:08:06.0805 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
2010/11/09 17:08:06.0915 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys
2010/11/09 17:08:07.0005 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\windows\system32\drivers\Partizan.sys
2010/11/09 17:08:07.0136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
2010/11/09 17:08:07.0216 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
2010/11/09 17:08:07.0296 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
2010/11/09 17:08:07.0456 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
2010/11/09 17:08:07.0506 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
2010/11/09 17:08:07.0586 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
2010/11/09 17:08:07.0636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\DRIVERS\pcmcia.sys
2010/11/09 17:08:07.0937 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
2010/11/09 17:08:08.0057 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
2010/11/09 17:08:08.0097 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
2010/11/09 17:08:08.0157 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys
2010/11/09 17:08:08.0397 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
2010/11/09 17:08:08.0478 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\windows\system32\DRIVERS\rasirda.sys
2010/11/09 17:08:08.0548 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
2010/11/09 17:08:08.0598 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
2010/11/09 17:08:08.0638 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
2010/11/09 17:08:08.0688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
2010/11/09 17:08:08.0728 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
2010/11/09 17:08:08.0798 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
2010/11/09 17:08:08.0898 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys
2010/11/09 17:08:09.0028 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
2010/11/09 17:08:09.0098 RegGuard (37ecebdd930395a9c399fb18a3c236d3) C:\windows\system32\Drivers\regguard.sys
2010/11/09 17:08:09.0219 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\windows\system32\DRIVERS\rfcomm.sys
2010/11/09 17:08:09.0379 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
2010/11/09 17:08:09.0489 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys
2010/11/09 17:08:09.0559 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
2010/11/09 17:08:09.0679 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
2010/11/09 17:08:09.0759 SMBBATT (8a7eb56bf52feed03495c7ab2c718a55) C:\windows\system32\DRIVERS\SMBBATT.sys
2010/11/09 17:08:09.0890 SMBHC (339a9d075cd33b45535597b7b96361f4) C:\windows\system32\DRIVERS\SMBHC.sys
2010/11/09 17:08:09.0990 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
2010/11/09 17:08:10.0110 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2010/11/09 17:08:10.0110 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/09 17:08:10.0130 sptd - detected Locked file (1)
2010/11/09 17:08:10.0180 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
2010/11/09 17:08:10.0310 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys
2010/11/09 17:08:10.0400 SSHDRV86 (b9e31f2a3640403b0ea3a867bb73b9f4) C:\windows\system32\drivers\SSHDRV86.sys
2010/11/09 17:08:10.0531 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
2010/11/09 17:08:10.0611 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
2010/11/09 17:08:10.0671 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
2010/11/09 17:08:10.0731 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
2010/11/09 17:08:10.0971 SynTP (6c218301f37cb01aa29dd9ae688653bd) C:\windows\system32\DRIVERS\SynTP.sys
2010/11/09 17:08:11.0051 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
2010/11/09 17:08:11.0131 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\windows\system32\DRIVERS\tcpip.sys
2010/11/09 17:08:11.0292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
2010/11/09 17:08:11.0402 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
2010/11/09 17:08:11.0492 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
2010/11/09 17:08:11.0622 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
2010/11/09 17:08:11.0742 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
2010/11/09 17:08:11.0842 upperdev (b1b8bee26227dad9835019201552cb05) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
2010/11/09 17:08:11.0933 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
2010/11/09 17:08:12.0013 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
2010/11/09 17:08:12.0063 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
2010/11/09 17:08:12.0143 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys
2010/11/09 17:08:12.0323 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
2010/11/09 17:08:12.0383 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\windows\system32\drivers\usbser.sys
2010/11/09 17:08:12.0423 UsbserFilt (98e1ff1d732c6c7200b6c59d4ff8c1c3) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
2010/11/09 17:08:12.0463 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
2010/11/09 17:08:12.0533 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys
2010/11/09 17:08:12.0634 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\windows\system32\Drivers\usbvideo.sys
2010/11/09 17:08:12.0704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
2010/11/09 17:08:12.0784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
2010/11/09 17:08:12.0864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
2010/11/09 17:08:12.0964 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\windows\system32\Drivers\wdf01000.sys
2010/11/09 17:08:13.0154 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
2010/11/09 17:08:13.0325 winachsf (2a8c145e9e9e63b0071da4f35544ab9d) C:\windows\system32\DRIVERS\HSF_CNXT.sys
2010/11/09 17:08:13.0495 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\windows\system32\DRIVERS\wpdusb.sys
2010/11/09 17:08:13.0585 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
2010/11/09 17:08:13.0645 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
2010/11/09 17:08:13.0705 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
2010/11/09 17:08:14.0166 ================================================================================
2010/11/09 17:08:14.0166 Scan finished
2010/11/09 17:08:14.0166 ================================================================================
2010/11/09 17:08:14.0186 Detected object count: 1
2010/11/09 17:09:06.0671 Locked file(sptd) - User select action: Skip
2010/11/09 17:09:37.0105 Deinitialize success


Thanks ;)
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm

Re: Need your help

Unread postby askey127 » November 9th, 2010, 4:42 pm

espirit,
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run, then download and try to run one of the other ones.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools; ignore them or shut down your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If it does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it shows any malware items, Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    sptd.sys
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need your help

Unread postby espirit » November 10th, 2010, 1:26 pm

Hey askey127,

Here are the contents from MalwareBytes' Anti-Malware:


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 5089

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.11.2010 18:03:39
mbam-log-2010-11-10 (18-03-39).txt

Scan type: Quick scan
Objects scanned: 153770
Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryBrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QueryBrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUERYBROWSER_SERVICE (Adware.QueryBrowser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryBrowser Service (Adware.QueryBrowser) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\QueryBrowser (Adware.QueryBrowser) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\QueryBrowser\querybrowser111.exe (Adware.QueryBrowser) -> Quarantined and deleted successfully.

And here is the log from SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:21 on 10/11/2010 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "sptd.sys"
C:\WINDOWS\system32\drivers\sptd.sys --a---- 691696 bytes [16:31 02/05/2010] [16:31 02/05/2010] (Unable to calculate MD5)

-= EOF =-
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm
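The ":filefind" directive askey127 asked for above, and the "(Unable to calculate MD5)" result it produced, as an added Python example (my code, not SystemLook's and not posted by either participant): it walks a directory tree for a file name, reports size, timestamps and MD5 for every match, and records a file it cannot open instead of aborting, which is what a locked driver such as sptd.sys looks like to a scanner. The function and class names (filefind, md5_file, FileHit) and the constructed demo tree are assumptions.

```python
"""Added example: a minimal stand-in for SystemLook's ':filefind' directive.

Walks a directory tree, reports every file whose name matches (case-insensitively,
because Windows paths are), and records size, timestamps and MD5.  A file that
cannot be opened (locked by a driver, or no permission) is reported with md5=None,
the situation SystemLook prints as "(Unable to calculate MD5)".
Example code written for this thread; not part of SystemLook.
"""
import hashlib
import os
import tempfile
import time
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class FileHit:
    path: str
    size: int
    modified: str
    created: str        # st_ctime is creation time on Windows, metadata-change time elsewhere
    md5: Optional[str]  # None when the file could not be read


def md5_file(path: str, chunk: int = 1 << 16) -> Optional[str]:
    """Hash a file in chunks; return None instead of raising when it is locked or unreadable."""
    h = hashlib.md5()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()


def _stamp(t: float) -> str:
    """Format a timestamp the way SystemLook does: HH:MM DD/MM/YYYY."""
    return time.strftime("%H:%M %d/%m/%Y", time.localtime(t))


def filefind(root: str, name: str) -> List[FileHit]:
    """Find every file called `name` under `root` (like SystemLook ':filefind name')."""
    wanted = name.lower()
    hits: List[FileHit] = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != wanted:
                continue
            full = os.path.join(dirpath, fn)
            try:
                st = os.stat(full)
            except OSError:
                continue  # vanished or inaccessible between listing and stat
            hits.append(FileHit(full, st.st_size, _stamp(st.st_mtime),
                                _stamp(st.st_ctime), md5_file(full)))
    return hits


def format_hits(name: str, hits: List[FileHit]) -> str:
    """Render results in the style of a SystemLook filefind section."""
    lines = [f'Searching for "{name}"']
    if not hits:
        lines.append("No files found.")
    for h in hits:
        digest = h.md5 if h.md5 else "(Unable to calculate MD5)"
        lines.append(f"{h.path} {h.size} bytes [{h.modified}] [{h.created}] {digest}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed demo: a temporary tree holding a file with the target name.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "system32", "drivers"))
        with open(os.path.join(tmp, "system32", "drivers", "sptd.sys"), "wb") as f:
            f.write(b"constructed driver bytes")
        print(format_hits("sptd.sys", filefind(tmp, "sptd.sys")))
```

Running it against a real `C:\WINDOWS` tree needs an elevated prompt, as SystemLook itself reports ("Administrator - Elevation successful"); a `None` digest on a driver that a normal copy command can read is worth noting in the reply, since it is the same symptom the TDSSKiller log above showed as a locked file.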

Re: Need your help

Unread postby askey127 » November 10th, 2010, 5:07 pm

Please tell me how the machine is behaving.
Do you have something happening that you don't expect?
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need your help

Unread postby espirit » November 13th, 2010, 12:27 pm

Hey askey127,

The machine is running a little faster, but there is one problem. I want to remove "RemoveIT Pro v7 Enterprise (Trial)" but it tells me that the log file is not found. Plus, I noticed in the running processes in Task Manager some processes that appear and disappear continuously and again slow down my machine. :?:

Espirit.
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm

Re: Need your help

Unread postby askey127 » November 14th, 2010, 9:18 am

espirit,
----------------------------------------------
You can download the free version of Revo Uninstaller from here: http://www.revouninstaller.com/revo_uni ... nload.html
I would attempt to use it to Uninstall the offending program.
It will succeed many times when regular methods fail.
Let me know.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis (double-click in XP, or right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl +A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need your help

Unread postby espirit » November 15th, 2010, 9:10 pm

Hey askey127,

Thanks for the program, I removed the unwanted programs.

Here is the new log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:07:42, on 16.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\windows\system32\svchost.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvtubesearch.co/?tmp=toolbar_Fl ... 9d6f803c92
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.taazu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=mnv&s={searchTerms}&f=4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.107.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8228 bytes
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm

Re: Need your help

Unread postby askey127 » November 16th, 2010, 8:18 am

Your system looks clean.
I am assuming that your Internet Provider is in Macedonia.
Is it running OK?
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Need your help

Unread postby espirit » November 16th, 2010, 3:40 pm

Dear askey127,

Today when I was opening my mail, and I wanted to read the message from DHL, my system blocked and some virus came in and everything blocked on my PC. Then I ran the PC in safe mode and started scanning with Avira and the system is running OK again. But I'm afraid that some viruses are left :S Here is a new HijackThis scan, and please can you tell me how to see whether my provider is in Macedonia?......

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:38:47, on 16.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvtubesearch.co/?tmp=toolbar_Fl ... 9d6f803c92
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.taazu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=mnv&s={searchTerms}&f=4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.104.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7864 bytes

espirit...
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm
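A way to read the two HijackThis logs in this thread side by side, as an added Python example (my code, not HijackThis's and not posted by either participant): it parses the R/O entries, diffs two logs so that the changed O17 NameServer and the newly listed O23 gupdate service stand out, and lists the entries a helper reviews by hand (non-Microsoft start/search pages, DNS servers, services with no publisher). The excerpt strings are constructed from the two logs posted above; the function names are assumptions; the review rules are the usual helper checks, not a verdict that an entry is malicious.

```python
"""Added example: parse HijackThis (HJT) logs and diff two of them.

Helpers read HJT logs section by section (R0/R1 browser pages, O4 autostarts,
O17 DNS servers, O23 services, ...).  This parser extracts those entries and
reports what changed between two scans of the same machine, which is how a
reviewer notices a DNS server or a service that was not in the previous log.
Example code written for this thread; not part of HijackThis.
"""
import re
from typing import Dict, List

# One HJT entry: section tag (R0, O4, O17, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Constructed excerpts of the two logs posted above (16.11.2010, 02:07 and 20:38).
LOG_A = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\windows\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvtubesearch.co/?tmp=toolbar_Fl ... 9d6f803c92
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.107.2
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

LOG_B = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\windows\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvtubesearch.co/?tmp=toolbar_Fl ... 9d6f803c92
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.104.2
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


def parse_hjt(log: str) -> Dict[str, str]:
    """Map each entry to its value.

    Key = section + the part before ' = ' (registry value, interface, ...), so that a
    changed setting shows up as 'changed' rather than as one removal plus one addition.
    Entries without ' = ' (BHOs, services) are keyed by their whole body.
    """
    entries: Dict[str, str] = {}
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        if " = " in body:
            name, value = body.split(" = ", 1)
            entries[f"{section} {name}"] = value
        else:
            entries[f"{section} {body}"] = ""
    return entries


def diff_hjt(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """What appeared, disappeared, or changed value between two scans."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(f"{k}: {old[k]} -> {new[k]}"
                          for k in old if k in new and old[k] != new[k]),
    }


def review_items(entries: Dict[str, str]) -> List[str]:
    """Entries a helper checks by hand; being listed here is a prompt to verify, not a verdict."""
    flagged: List[str] = []
    for key, value in entries.items():
        section = key.split(" ", 1)[0]
        if section in ("R0", "R1") and value and "go.microsoft.com" not in value:
            flagged.append(f"{key} = {value}")   # start/search page not the IE default
        elif section == "O17":
            flagged.append(f"{key} = {value}")   # DNS server: confirm it belongs to the ISP
        elif section == "O23" and "Unknown owner" in key:
            flagged.append(key)                  # service with no publisher string
    return flagged


if __name__ == "__main__":
    a, b = parse_hjt(LOG_A), parse_hjt(LOG_B)
    for kind, items in diff_hjt(a, b).items():
        for item in items:
            print(f"{kind:8} {item}")
    print("review:")
    for item in review_items(b):
        print("  " + item)
```

Diffing the full logs the same way is what makes the change of NameServer from 85.30.107.2 to 85.30.104.2 visible at a glance; whether those addresses belong to the user's ISP is the question askey127 raises in the next reply, and the script only surfaces the entry, it cannot answer that.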

Re: Need your help

Unread postby espirit » November 16th, 2010, 3:50 pm

This is when the processes are running in my Task Manager: :S

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:47:22, on 16.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\windows\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvtubesearch.co/?tmp=toolbar_Fl ... 9d6f803c92
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.taazu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=mnv&s={searchTerms}&f=4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.104.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8019 bytes
espirit
Active Member
 
Posts: 12
Joined: November 2nd, 2010, 8:41 pm

Re: Need your help

Unread postby askey127 » November 16th, 2010, 5:14 pm

espirit,
According to your HiJackThis log, your internet connection is going here:
85.30.104.2
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '85.30.104.0 - 85.30.107.255'

inetnum: 85.30.104.0 - 85.30.107.255
netname: MK-PETNET
descr: Telecommunication Society PET NET DOO
descr: Gevgelija, Macedonia
country: MK
admin-c: ONON-RIPE
tech-c: ONON-RIPE
status: ASSIGNED PA
mnt-by: ON-MNT
source: RIPE # Filtered

role: Onnet Role Object
address: Partizanski Odredi 70/5
address: P.O. BOX 205
address: 1000 Skopje, Macedonia
abuse-mailbox: abuse@on.net.mk
remarks: ====================================================================
remarks: Please use abuse@on.net.mk for reporting SPAM or security issues!
All messages to other e-mail addresses will not be proceeded timely.
Thank you.
remarks: ====================================================================
admin-c: OKON-RIPE
tech-c: GDON-RIPE
tech-c: OKON-RIPE
nic-hdl: ONON-RIPE
mnt-by: ON-MNT
source: RIPE # Filtered

% Information related to '85.30.64.0/18AS16333'

route: 85.30.64.0/18
descr: ON NET ISP
descr: Skopje, Macedonia
origin: AS16333
mnt-by: ON-MNT
source: RIPE # Filtered

% Information related to '85.30.96.0/19AS16333'

route: 85.30.96.0/19
descr: On.net ISP
origin: AS16333
mnt-by: ON-MNT
source: RIPE # Filtered
Is this the company you pay, or use, for Internet Access?
If you don't know this company, it is a "hijack" and needs to be removed.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
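The check askey127 walks through above (read the O17 NameServer entry out of the HijackThis log, then ask whether that address belongs to the ISP the user actually pays for, or to the LAN router) in script form, as an added example that is not part of this thread. The second O17 line with its all-zero GUID is constructed, and the allowlist of "expected" networks is an assumption the caller supplies.

```python
import ipaddress
import re

# Constructed sample (added example, not from the thread): the first O17 line is the
# one from the log above; the second is made up (placeholder GUID) to show a LAN
# router plus a public resolver on another interface.
SAMPLE_LOG = r"""
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61BBE630-DC4F-4AC1-95AA-51020275199F}: NameServer = 85.30.104.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1,8.8.8.8
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
"""

# Resolvers a home PC normally points at: the LAN router (RFC 1918 space).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Routes for AS16333 (On.net) exactly as listed in the whois output in the reply above;
# whether these count as "expected" depends on who the user's ISP actually is.
ONNET_ROUTES = ("85.30.64.0/18", "85.30.96.0/19")

O17_RE = re.compile(r"^O17 - .*?(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")

def parse_o17(log_text):
    """Return (interface_guid, resolver_ip) pairs from every O17 line of a HijackThis log."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        guid, servers = m.groups()
        for raw in re.split(r"[,\s]+", servers.strip()):  # HJT lists several servers comma-separated
            if raw:
                found.append((guid, ipaddress.ip_address(raw)))
    return found

def audit_nameservers(log_text, isp_ranges=()):
    """Classify each resolver as 'lan', 'isp' or 'unknown'; 'unknown' is what askey127's
    question is about and is the entry to check (or remove) as a possible DNS hijack."""
    isp_nets = [ipaddress.ip_network(r) for r in isp_ranges]
    report = []
    for guid, ip in parse_o17(log_text):
        if any(ip in n for n in PRIVATE_NETS):
            verdict = "lan"
        elif any(ip in n for n in isp_nets):
            verdict = "isp"
        else:
            verdict = "unknown"
        report.append((guid, str(ip), verdict))
    return report
```

Run with no ISP ranges, 85.30.104.2 comes back as "unknown"; pass `ONNET_ROUTES` and it becomes "isp", which is exactly the difference askey127's question ("is this the company you pay?") is meant to resolve.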