08-26-2005, 11:15 PM   #1
Caralin
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


can you check my log please?

Hi, I think my PC is clean; however, I did click on a clicker trojan earlier today and my AV renamed it and I deleted it. It's just been about 6 months since I checked with HJT.

I have checked the 15s and they are OK, but I don't know what *.punk.ru is. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 05:37:05, on 27/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Anti-Virus\4476822\program\fsbwsys.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Common\FSMB32.EXE
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common\FCH32.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common\FAMEH32.EXE
C:\Program Files\FWES\Program\fsdfwd.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\ProcessGuard\procguard.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\FSGUI\fsguiexe.exe
C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
C:\Program Files\F-Secure Anti-Virus\4476822\Program\fspex.exe
C:\Program Files\BinarySense\HDDlife\HDDlife.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Defraggers\Buzzsaw.exe
C:\Program Files\ID-Blaster Plus\idblasterplus.exe
C:\Standalones\MJRegWatcher\RegWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Proxomitron\Proxomitron.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\JGsoft\EditPadLite\EditPad.exe
C:\Fixes & Tests\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = browser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080;https=127.0.0.1:8080
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Tray Pilot Lite] "C:\Program Files\Invention Pilot\Tray Pilot Lite\TrayPlt.exe"
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlife.exe
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: Shortcut to Buzzsaw.exe.lnk = C:\Defraggers\Buzzsaw.exe
O4 - Startup: Shortcut to idblasterplus.exe.lnk = C:\Program Files\ID-Blaster Plus\idblasterplus.exe
O4 - Startup: Shortcut to RegWatcher.exe.lnk = C:\Standalones\MJRegWatcher\RegWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Watcher logon time.lnk = C:\Program Files\watcher\watcher.exe
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
O8 - Extra context menu item: Search Current News - file://\program files\powershell-xp3\search5.htm
O8 - Extra context menu item: Search Encyclopedia - file://\program files\powershell-xp3\search4.htm
O8 - Extra context menu item: Search for Images - file://\program files\powershell-xp3\search3.htm
O8 - Extra context menu item: Search Newsgroups - file://\program files\powershell-xp3\search2.htm
O8 - Extra context menu item: Search the Web - file://\program files\powershell-xp3\search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O15 - Trusted Zone: http://www.artistdirect.com (HKLM)
O15 - Trusted Zone: http://www.bruitdimage.com (HKLM)
O15 - Trusted Zone: http://www.ce-infosys.com.sg (HKLM)
O15 - Trusted Zone: http://www.deathclock.com (HKLM)
O15 - Trusted Zone: http://support.f-secure.com (HKLM)
O15 - Trusted Zone: http://www.google.co.uk (HKLM)
O15 - Trusted Zone: http://www.gvhsoftware.org (HKLM)
O15 - Trusted Zone: http://www.homecomputermagazine.com (HKLM)
O15 - Trusted Zone: http://www.kaspersky.com (HKLM)
O15 - Trusted Zone: http://www.last.fm (HKLM)
O15 - Trusted Zone: http://amdwallpapers.lunarpages.com (HKLM)
O15 - Trusted Zone: http://www.majorgeeks.com (HKLM)
O15 - Trusted Zone: http://us.mcafee.com (HKLM)
O15 - Trusted Zone: http://movies.msn.com (HKLM)
O15 - Trusted Zone: http://www.mwti.net (HKLM)
O15 - Trusted Zone: http://safari.oreilly.com (HKLM)
O15 - Trusted Zone: http://www.podcast.net (HKLM)
O15 - Trusted Zone: http://minnesota.publicradio.org (HKLM)
O15 - Trusted Zone: http://*.punk.ru (HKLM)
O15 - Trusted Zone: http://www.scenestars.net (HKLM)
O15 - Trusted Zone: http://search.singingfish.com (HKLM)
O15 - Trusted Zone: http://www.sonymusiceurope.com (HKLM)
O15 - Trusted Zone: http://prdownloads.sourceforge.net (HKLM)
O15 - Trusted Zone: http://security.symantec.com (HKLM)
O15 - Trusted Zone: http://*.talksport.co.uk (HKLM)
O15 - Trusted Zone: http://www.talksport.net (HKLM)
O15 - Trusted Zone: http://www.theconnection.org (HKLM)
O15 - Trusted Zone: http://housecall.trendmicro.com (HKLM)
O15 - Trusted Zone: http://www.uponone.com (HKLM)
O15 - Trusted Zone: http://www.virginradio.co.uk (HKLM)
O15 - Trusted Zone: http://www.wilderssecurity.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - Trusted Zone: http://download.zonelabs.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119569225599
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -
O18 - Protocol: shell - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Port Reporter (PortReporter) - Unknown owner - C:\Program Files\PortReporter\portreporter.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)