Problem with Vista.

R

Raidogreat

Member
So i have this problem some virus on whatnot is running around in my computer creating odd and wierd files in the Windows/temp folder. One fella said i have to download Malwarebytes Anti-Malware and HiJack and full scan them both and save to logs so some1 might help me get rid of this serious problem.

The virus isnt realy that threatfull but sometimes messes around so much ill be stuck in after I restart the first page then Boot Cd: and nothing else and im sure of it thats the virus doing it and it realy buggs be so if some1 who have dealt with Malwarebytes Anti-Malware and HiJack here is the download link for the logs:UPLOAD.EE - Download Logs.zip

If anybody is kind if enough to help ill be greatfull for him and his help :D
 

My Computer

System One

Welcome
You deserve the best,,I will contact our specialists in security.. You will get the best help possible.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
Its the Holiday season, so it may take time. But rest assured you will get the best help available.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
Raidogreat said:
So i have this problem some virus on whatnot is running around in my computer creating odd and wierd files in the Windows/temp folder. One fella said i have to download Malwarebytes Anti-Malware and HiJack and full scan them both and save to logs so some1 might help me get rid of this serious problem.

The virus isnt realy that threatfull but sometimes messes around so much ill be stuck in after I restart the first page then Boot Cd: and nothing else and im sure of it thats the virus doing it and it realy buggs be so if some1 who have dealt with Malwarebytes Anti-Malware and HiJack here is the download link for the logs:UPLOAD.EE - Download Logs.zip

If anybody is kind if enough to help ill be greatfull for him and his help :D
Click to expand...

You have a lot of malware, malwarebytes removed some
Try this: Download Kaspersky Rescue Disk 10, it will remove any infections
 

My Computer

System One

  • Manufacturer/Model
    Custom
    CPU
    Q8200 OC'd 3.08GHz
    Motherboard
    Asus Rampage Formula LGA775
    Memory
    8GB DDR2 900Mhz
    Graphics card(s)
    Zotac GTX460 2GB GDDR5/ Asus EN9600GT 1GB
    Sound Card
    Supreme FX2
    Monitor(s) Displays
    AOC 19'
    Screen Resolution
    1650x1080
    Hard Drives
    3X500GB internal 2TB internal 500+250GB ext
    PSU
    Coolermaster GX650W
    Case
    Custom
    Cooling
    Coolermaster V6GT + 3x8cm fans
    Mouse
    A4 Tech X6
    Keyboard
    Standard
    Internet Speed
    1MiB/s
Would you please copy and paste the results of both logs in your next post. I don't download .zip files from a source that I don't know. :o
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
I invited Jacee to come and help. You are in very good hands.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
Raidogreat said:
Jacee said:
Would you please copy and paste the results of both logs in your next post. I don't download .zip files from a source that I don't know. :o
Click to expand...



Well this is sorta the only page i know where to upload gime another page i can upload the log files onto ':shock:
Click to expand...

Open the zip file and extract the contents back onto your desktop.
Open the files using notepad.
Copy and paste the text directly into the message window on these forums.
 

My Computer

System One

  • Manufacturer/Model
    Self Built
    CPU
    I5 3570K
    Motherboard
    Gigabyte Z77-DS3H
    Memory
    4 x 4GB corsair ballistix sport DDR3 1600 Mhz
    Graphics card(s)
    Gigabyte Geforce GTX 660 TI
    Sound Card
    creative x-fi
    Monitor(s) Displays
    Primary CiBox 22" Widescreen LCD ,Secondary Dell 22" Widescreen
    Screen Resolution
    Both 1680 x 1050
    Hard Drives
    2 x 500G HD (SATA) 1 x 2TB USB
    PSU
    Corsair HX 620W ATX2.2 Modular SLI Complient PSU
    Case
    Antec 900 Ultimate Gaming Case
    Cooling
    3 x 80mm tri led front, 120mm side 120mm back, 200mm top
    Mouse
    Technika TKOPTM2
    Keyboard
    Logik
    Internet Speed
    288 / 4000
    Other Info
    Creative Inspire 7.1 T7900 Speakers Trust Graphics Tablet
Malwarebytes' Anti-Malware 1.50
Malwarebytes

Database version: 5214

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

19.12.2010 17:34:05
mbam-log-2010-12-19 (17-34-05).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 310674
Time elapsed: 1 hour(s), 40 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 130
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 26
Files Infected: 46

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ed-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40af-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.Info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.FakeAlert) -> Value: Metropolis -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Value: wuaucldt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879057EBC765B5730AF96 (Malware.Trace) -> Value: SRS_IT_E879057EBC765B5730AF96 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\Users\Liivia\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
c:\programdata\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\Users\Liivia\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Delete on reboot.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\Pltfrm.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Delete on reboot.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreports.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\launchhelp.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\Users\Liivia\downloads\xvidsetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
c:\Windows\Temp\heube.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\attribb.exe (Virus.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\bridgeunattendb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Windows\System32\mssrv32.exe (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.621.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:19, on 19.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ILM.EE - Tallinn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\SAMSUNG NOTEBOOK PC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Mowes] "c:\mowes\mowes.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [wuaucldt] c:\users\liivia\wuaucldt.exe
O4 - HKUS\S-1-5-18\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [JP595IR86O] C:\Windows\TEMP\Esx.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'Default user')
O4 - Startup: Counter-Strike 1.6 Config.lnk = ?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.621.0\ClickPotatoLiteSABHO.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - (no file)
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv.ee:11082/activex/AxisCamControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (file missing)
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google'i värskendamisteenus (gupdate1ca6dc647924d79) (gupdate1ca6dc647924d79) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: skservice - Unknown owner - C:\Windows\TEMP\ftoeyj.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 11622 bytes
 

My Computer

System One

Hello!

Excellent work! Can you please run us another Malwarebytes Quick Scan, and post the latest log here, just as you did the last one. I can also see a few things in your HiJackThis report, but Jacee can remove those.

Thanks!

Richard
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300) Western Digital: WDC WD6400AAKS-75A7B0 1 x 1Tb (SATA 600) Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Keyboard
    Dell Bluetooth
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Sorry I'm late, I'm actually on vacation for the holidays.....

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
ComboFix 10-12-26.01 - Liivia 28.12.2010 14:48:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1257.372.1033.18.3032.2123 [GMT 2:00]
Running from: c:\users\Liivia\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\dypuas.exe
c:\windows\system32\config\systemprofile\fxtap.exe
c:\windows\system32\config\systemprofile\gxtap.exe
c:\windows\system32\dcmprss.dll

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 13:00 . 2010-12-28 13:01 -------- d-----w- c:\users\Liivia\AppData\Local\temp
2010-12-28 13:00 . 2010-12-28 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 12:43 . 2010-12-24 12:50 -------- d-----w- c:\program files\GameSpy Arcade
2010-12-24 12:01 . 2010-12-24 12:01 -------- d-----w- c:\users\Liivia\AppData\Roaming\PeerNetworking
2010-12-24 10:59 . 2010-12-24 11:00 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-12-24 10:53 . 2010-12-24 10:53 -------- d-----w- c:\windows\wb
2010-12-24 10:03 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B02BC96-58A9-4432-BC47-E366C24B79D8}\mpengine.dll
2010-12-24 09:57 . 2010-12-28 12:43 -------- d-----w- c:\users\Liivia\AppData\Local\LogMeIn Hamachi
2010-12-24 09:56 . 2010-12-24 09:56 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-21 16:21 . 2010-12-24 12:08 -------- d-----w- c:\program files\3DO
2010-12-21 16:21 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-12-19 13:36 . 2010-12-19 13:36 388096 ----a-r- c:\users\Liivia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-19 13:36 . 2010-12-19 13:36 -------- d-----w- c:\program files\Trend Micro
2010-12-19 13:35 . 2010-12-19 13:35 -------- d-----w- c:\users\Liivia\AppData\Roaming\Malwarebytes
2010-12-19 13:35 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-19 13:35 . 2010-12-19 13:35 -------- d-----w- c:\programdata\Malwarebytes
2010-12-19 13:35 . 2010-12-19 13:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-19 13:35 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 08:22 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 21:00 . 2008-06-02 01:50 125728 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-12-15 21:00 . 2008-01-21 02:23 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2010-12-15 21:00 . 2007-07-24 03:02 33800 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-12-15 21:00 . 2007-07-23 22:40 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-12-15 21:00 . 2007-07-21 00:08 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-12-15 21:00 . 2007-07-21 00:08 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-12-15 21:00 . 2007-07-21 00:08 201288 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-12-15 21:00 . 2008-01-21 02:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-15 16:57 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 16:57 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 16:57 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 16:57 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 16:57 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 16:57 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 16:57 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 16:57 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 16:55 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-11 12:26 . 2010-12-11 12:26 -------- d-----w- c:\windows\systemprofile
2010-12-11 12:13 . 2010-12-11 12:13 -------- d-----w- C:\cs
2010-12-06 12:28 . 2010-12-06 12:28 -------- d-----w- c:\programdata\Electronic Arts
2010-12-06 05:53 . 2010-12-06 12:32 -------- d-----w- c:\users\Liivia\AppData\Roaming\Spore
2010-12-05 17:31 . 2010-12-05 17:31 -------- d-----w- c:\program files\Atari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 01:50 . 2009-10-30 20:30 162304 ----a-w- c:\windows\system32\wbem\WMIsvc.dll
2010-12-20 01:50 . 2009-10-30 20:29 90112 ----a-w- c:\windows\system32\wbem\WmiApRpl.dll
2010-11-12 16:53 . 2010-05-06 07:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 08:41 . 2010-02-26 11:34 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 13:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-05 26102056]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-19 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-19 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-19 145944]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Mowes"="c:\mowes\mowes.exe" [2009-09-24 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

c:\users\Liivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Counter-Strike 1.6 Config.lnk - d:\counter-strike 1.6\cstrike\config.exe [N/A]
H3 The Shadow of Death(TM).lnk - c:\program files\3DO\Heroes3\RegisterSOD\Remind32.exe [2010-12-24 67584]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-24 503808]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-11-25 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-6-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 xodrtku;xodrtku;c:\windows\System32\drivers\qxon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca6dc647924d79;Google'i värskendamisteenus (gupdate1ca6dc647924d79);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 133104]
R2 skservice;skservice;c:\windows\TEMP\ftoeyj.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-02-17 112640]
R3 GarenaPEngine;GarenaPEngine;c:\users\Liivia\AppData\Local\Temp\NOC5808.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 aswSP;aswSP; [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 21520]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 BecHelperService;BecHelperService;c:\program files\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2010-02-17 1836784]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-28 18:33]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 11:55]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-25 11:55]

2010-12-28 c:\windows\Tasks\User_Feed_Synchronization-{9CDD852A-8CA0-45F5-9C87-F501EA8CE865}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ilm.ee/tallinn/?linn=tallinn
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Liivia\AppData\Roaming\Mozilla\Firefox\Profiles\bz6vx5is.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ee/
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\Mozilla Firefox\extensions\[email protected]
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - %profile%\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Platinum Hide IP: [email protected] - %profile%\extensions\[email protected]
FF - user.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-28 15:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: Hitachi_ rev.FBEO -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87F9A555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87fa07b0]; MOV EAX, [0x87fa082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x8385614B] -> \Device\Harddisk0\DR0[0x872A4AC8]
3 CLASSPNP[0x8B9B88B3] -> nt!IofCallDriver[0x8385614B] -> [0x880F3030]
\Driver\iaStor[0x867E5DC0] -> IRP_MJ_CREATE -> 0x87F9A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543225L9A300_________________FBEOC4CC#4&2a75c234&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Liivia\AppData\Local\Temp\NOC5808.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-28 15:06:05
ComboFix-quarantined-files.txt 2010-12-28 13:05

Pre-Run: 16 922 451 968 bytes free
Post-Run: 16 855 789 568 bytes free

- - End Of File - - 5DA6F6559C0A3ED25888020F08AF0032
 

My Computer

System One

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:16:08, on 28.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3DO\Heroes3\RegisterSOD\Remind32.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\SwiftKit\SwiftKit-RS.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ILM.EE - Tallinn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Mowes] "c:\mowes\mowes.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Counter-Strike 1.6 Config.lnk = ?
O4 - Startup: H3 The Shadow of Death(TM).lnk = C:\Program Files\3DO\Heroes3\RegisterSOD\Remind32.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://gw.tallinnlv.ee:11082/activex/AxisCamControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (file missing)
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google'i värskendamisteenus (gupdate1ca6dc647924d79) (gupdate1ca6dc647924d79) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: skservice - Unknown owner - C:\Windows\TEMP\ftoeyj.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 9980 bytes
 

My Computer

System One

Hi Radiogreat,

Jacee is still on holiday - so there's no telling if/when she will next drop by. In the meantime, you need to be patient. I believe that Richard previously requested that you run another full MBAM scan and post the new results here - so if you could do so, that would be helpful to both of them.

Thanks and good luck!
 

My Computer

System One

  • Manufacturer/Model
    Dell Inc. MP061 Inspiron E1705
    CPU
    2.00 gigahertz Intel Core 2 Duo 64 kilobyte primary memory
    Motherboard
    Board: Dell Inc. 0YD479 Bus Clock: 166 megahertz
    Memory
    2046 Megabytes Usable Installed Memory
    Graphics card(s)
    ATI Mobility Radeon X1400 (Microsoft Corporation - WDDM) [Di
    Sound Card
    SigmaTel High Definition Audio CODEC
    Monitor(s) Displays
    Generic PnP Monitor (17.2"vis)
    Screen Resolution
    1920 x 1200 pixels
    Hard Drives
    Hitachi HTS541616J9SA00 [Hard drive] (160.04 GB) -- drive 0, s/n SB2411SJGLLRMB, rev SB4OC74P, SMART Status: Healthy
    Case
    Chassis Serial Number: 5YK95C1
    Mouse
    Logitech HID-compliant Cordless Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    1958 Kbps download ; 754.8 Kbps upload
    Other Info
    Optiarc DVD+-RW AD-5540A ATA Device [CD-ROM drive] Dell AIO Printer A940 Conexant HDA D110 MDC V.92 Modem 6TO4 Adapter Broadcom 440x 10/100 Integrated Controller Broadcom 802.11n Network Adapter Microsoft ISATAP Adapter Teredo Tunneling Pseudo-Interface Router Linksys / WRT54G -01
Lorien said:
Hi Radiogreat,

Jacee is still on holiday - so there's no telling if/when she will next drop by. In the meantime, you need to be patient. I believe that Richard previously requested that you run another full MBAM scan and post the new results here - so if you could do so, that would be helpful to both of them.

Thanks and good luck!
Click to expand...

Another MBAM would do no harm, but you have an interesting, and modern infection there. Better wait for Jacee.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300) Western Digital: WDC WD6400AAKS-75A7B0 1 x 1Tb (SATA 600) Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Keyboard
    Dell Bluetooth
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Ugh... I detest rootkits!!! If this was my computer, I would wipe it and do a "clean" install. Because of the very nature of this type of infection, you can never be sure that your computer will ever be stable again.

If you want to continue to try to clean up....

Please do the following:


  • MBRCheck


    • Please download MBRCheck and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy should appear on your desktop.
    • Please post the contents of that file in your next reply.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Niemiro, are there new types of infections coming out. When you say modern infection, I take it you mean compleatly new coding?
 

My Computer

System One

  • Manufacturer/Model
    Self Built
    CPU
    I5 3570K
    Motherboard
    Gigabyte Z77-DS3H
    Memory
    4 x 4GB corsair ballistix sport DDR3 1600 Mhz
    Graphics card(s)
    Gigabyte Geforce GTX 660 TI
    Sound Card
    creative x-fi
    Monitor(s) Displays
    Primary CiBox 22" Widescreen LCD ,Secondary Dell 22" Widescreen
    Screen Resolution
    Both 1680 x 1050
    Hard Drives
    2 x 500G HD (SATA) 1 x 2TB USB
    PSU
    Corsair HX 620W ATX2.2 Modular SLI Complient PSU
    Case
    Antec 900 Ultimate Gaming Case
    Cooling
    3 x 80mm tri led front, 120mm side 120mm back, 200mm top
    Mouse
    Technika TKOPTM2
    Keyboard
    Logik
    Internet Speed
    288 / 4000
    Other Info
    Creative Inspire 7.1 T7900 Speakers Trust Graphics Tablet
This is a TDL4 rootkit infection ..... the latest spawning, involving the TDSS, Alureon, and TDL3 rootkits.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device. One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Mouse
    Microsoft PS/2 Mouse
    Keyboard
    Standard PS/2 Keyboard
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Jacee said:
This is a TDL4 rootkit infection ..... the latest spawning, involving the TDSS, Alureon, and TDL3 rootkits.
Click to expand...


i have 0 idea what rootkits are but when I ran Combofix.exe
the first time it said Rootkit detected and rebooted.
but ill do the download the file run it and post the log here :D
oh and Jacee if you have time mind explaining what a TDL4 rootkit infection is and how did it come to my computer or how was it created ?
 

My Computer

System One

You must log in or register to reply here.
Back
Top