Tech Support Forum, Resolved HJT Threads (resolved spyware and popup issues)

#1, 06-25-2007, 03:46 AM
Registered User (Join Date: Jun 2007; Posts: 8; OS: WinXP)

CPU Usage 100% when online

I have a problem with my CPU usage. It's up to 100 percent almost all the time. When I look in my Task Manager a process called System (not System Idle Process!!) is taking up almost all usage. My computer is running slow. I've scanned it with NOD32, avast and AVG; there are no viruses or anything else. I've also run Spybot and Ad-Aware and the problem is still here. I've also noticed that CPU usage goes back to normal when I turn off my ADSL modem or when I'm offline. Here's my HijackThis log, so please help me if you know how to. Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 11:40:24, on 25.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Posted by Niazcro
#2, 06-25-2007, 11:07 AM
alba, Analyst, Security Team (Join Date: Feb 2005; Location: Eire; Posts: 2,006; OS: Vista, Ubuntu 8.04)

Re: CPU Usage 100% when online

Hi Niazcro


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

====================

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

===========================================

Please turn Word Wrap off in your text editor. In Notepad this is done by going to the Edit menu and clicking Word Wrap to remove the check. This will make the logs you post much easier to read.

================

The log you've posted is from the beta version of HijackThis, which is still under development. Please refer to this thread: TrendMicro's HijackThis version2 Beta.

Uninstall your Beta version of HijackThis, and download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
#3, 06-26-2007, 01:32 AM
Registered User (Join Date: Jun 2007; Posts: 8; OS: WinXP)


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-26 at 10:21:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
36: 2007-06-26 08:22:21 UTC - RP132 - Deckard's System Scanner Restore Point
35: 2007-06-26 05:48:29 UTC - RP131 - System Checkpoint
34: 2007-06-24 10:45:53 UTC - RP130 - System Checkpoint
33: 2007-06-23 06:29:32 UTC - RP129 - System Checkpoint
32: 2007-06-21 08:57:30 UTC - RP128 - System Checkpoint


-- First Restore Point --
1: 2007-05-18 12:25:49 UTC - RP97 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:24:47, on 26.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tportal.hr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MAXadsl Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R1 atitray - c:\program files\radeon omega drivers\v3.8.221\ati tray tools\atitray.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 RMSPPPOE (WAN Miniport (PPP over Ethernet Protocol)) - c:\windows\system32\drivers\rmspppoe.sys <Not Verified; Robert Schlabbach; PPP over Ethernet Protocol>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem>
S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; ; Modem>
S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; ; Modem>
S3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; Modem>
S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Not Verified; ; Modem>
S3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Vireo Software; Driver::Works>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Scheduled Tasks -------------------------------------------------------------

2007-06-26 09:30:00 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-06-19 11:22:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-06 20:14:55 384 --a------ C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
2007-05-20 1139 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-07 20:17:59 0 d-------- C:\Documents and Settings\Teka\Application Data\AVG7
2007-06-07 20:17:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-06-07 20:16:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-07 20:16:37 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-05-26 18:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-05-26 15:58:17 0 d-------- C:\extensions


-- Find3M Report ---------------------------------------------------------------

2007-06-26 10:21:25 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-10 15:56:22 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-06-01 20:35:08 0 d-------- C:\Program Files\Advanced Uninstaller
2007-05-30 21:47:28 0 d-------- C:\Program Files\Winamp
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-14 2337 0 d-------- C:\Program Files\MSN Messenger
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-05-02 20:52:05 0 d-------- C:\Program Files\Alwil Software
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\Shell]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"NoFind"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{CACA7731-9C77-464A-B1B7-462281DD8164}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-26 at 10:25:29 ---------
Attached Files: extra.txt (13.7 KB)
06-26-2007, 08:54 AM   #4
Analyst, Security Team
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: CPU Usage 100% when online

Hi Niazcro


*IMPORTANT*


I see you have more than one anti-virus program installed (Nod, AVG, Avast4). While this may seem like greater protection, it can cause problems including slowdowns and system hangs. Choose one to keep and uninstall the others.

Any antivirus program must be removed via Add/Remove Programs.
For any program that doesn't have an Add/Remove entry, you will have to do this:
re-install the program -> reboot -> uninstall
====================================


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this web page will not be available while you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================

Download this file - Here


* IMPORTANT !!! Place combofix.exe on your Desktop


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

============================

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of Panda's 8 MB ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


=================

Please Run a scan with Deckard's System Scanner and save the log

===============================================

In your next post, please include fresh logs from:
  • ComboFix.txt
  • Online scan
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
06-26-2007, 11:25 AM   #5
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Thank you for your replies. First, you should know that most of the day my CPU usage was normal. I didn't change anything, but I assume it can go crazy again any minute now.
06-26-2007, 11:38 AM   #6
Analyst, Security Team
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: CPU Usage 100% when online

hiya

The main thing is to get rid of two of the anti-virus programs; they will all be working harder when you are online and can cause crashes and system failures.
06-26-2007, 01:01 PM   #7
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-26 at 21:58:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:58:43, on 26.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- Files created between 2007-05-26 and 2007-06-26 -----------------------------

2007-06-26 20:23:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 20:23:47 0 d-------- C:\WINDOWS\LastGood
2007-06-26 19:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames
2007-05-26 18:23:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-05-26 15:58:17 0 d-------- C:\extensions


-- Find3M Report ---------------------------------------------------------------

2007-06-26 21:05:30 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-26 21:05:24 0 d-------- C:\Program Files\Winamp
2007-06-26 21:01:22 0 d-------- C:\Program Files\MSN Messenger
2007-06-26 20:56:32 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-26 20:56:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-26 20:49:36 0 d-------- C:\Program Files\Advanced Uninstaller
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-05-02 20:52:05 0 d-------- C:\Program Files\Alwil Software
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VKQUWEXG
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-26 at 21:59:22 ---------
"Teka" - 2007-06-26 19:58:33 - ComboFix 07-06-27 - Service Pack 2 NTFS

Rootkit driver xpdt is present. ... attempting disinfection
xpdt ...... driver unloaded successfully.
ADS removed - system32: deleted 61092 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Teka\APPLIC~1.\macromedia\Flash Player\#SharedObjects\NMJJJKLC\www.broadcaster.com
C:\DOCUME~1\Teka\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Teka\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 19:56 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 10:21 <DIR> d-------- C:\Deckard
2007-06-24 13:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-24 13:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-24 13:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-23 13:32 <DIR> dr-h----- C:\DOCUME~1\Teka\APPLIC~1\SecuROM
2007-06-23 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-06-10 15:56 <DIR> d-------- C:\Program Files\Windows Live
2007-06-08 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-06 20:14 <DIR> d-------- C:\DOCUME~1\Teka\APPLIC~1\RegSweep
2007-06-06 11:56 <DIR> d-------- C:\WINDOWS\pss
2007-06-05 10:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-06-05 10:20 610,304 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-05 10:20 <DIR> d-------- C:\WINDOWS\CSC
2007-06-04 12:31 <DIR> d-------- C:\Program Files\IObit
2007-06-03 10:30 <DIR> d-------- C:\VundoFix Backups
2007-05-30 21:08 <DIR> d-------- C:\Program Files\DivX
2007-05-27 15:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-27 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\Teka\Saved Games
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\Teka\APPLIC~1\FloodLightGames
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
2007-05-26 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-26 15:58 <DIR> d-------- C:\extensions


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 17:57:51 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-06-24 11:12:38 -------- d-----w C:\Program Files\sollab
2007-06-23 11:32:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-22 14:07:55 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\DMCache
2007-06-12 11:58:03 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-06-10 13:56:22 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-05 10:36:37 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7661.sys
2007-06-04 09:39:06 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Uniblue
2007-06-04 09:38:58 -------- d-----w C:\Program Files\Uniblue
2007-06-01 18:35:08 -------- d-----w C:\Program Files\Advanced Uninstaller
2007-05-30 19:47:28 -------- d-----w C:\Program Files\Winamp
2007-05-30 19:08:48 5,141 ----a-w C:\WINDOWS\mozver.dat
2007-05-26 13:57:21 -------- d-----w C:\Program Files\Yahoo!
2007-05-26 13:55:08 -------- d-----w C:\Program Files\Common Files\ACD Systems
2007-05-25 11:23:13 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Comodo
2007-05-24 13:20:40 -------- d-----w C:\Program Files\Comodo
2007-05-24 12:01:09 -------- d-----w C:\Program Files\Common Files\Real
2007-05-24 12:00:38 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Real
2007-05-24 12:00:36 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-05-24 12:00:35 -------- d-----w C:\Program Files\Rhapsody
2007-05-23 18:46:24 81,550 ----a-w C:\WINDOWS\system32\mi2.exe
2007-05-20 15:14:50 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-05-20 15:13:44 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-05-20 15:11:33 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\uTorrent
2007-05-20 11:10:55 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-05-20 11:09:47 -------- d-----w C:\Program Files\ReflexiveArcade
2007-05-20 1008 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 21:07:10 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Screenshot Sender
2007-05-14 2137 -------- d-----w C:\Program Files\MSN Messenger
2007-05-13 18:51:11 -------- d-----w C:\Program Files\RSSOwl
2007-05-10 18:12:06 -------- d-----w C:\Program Files\LimeWire
2007-05-10 17:37:48 -------- d-----w C:\Program Files\Google
2007-05-02 18:53:28 -------- d-----w C:\Program Files\Ashampoo
2007-05-02 18:52:05 -------- d-----w C:\Program Files\Alwil Software
2007-04-29 13:42:08 -------- d-----w C:\Program Files\Macrogaming
2007-04-29 10:45:53 -------- d-----w C:\Program Files\SecondLife
2007-04-29 10:34:02 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\SecondLife
2007-04-28 18:52:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-04-28 09:13:42 -------- d-----w C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 07:27:40 -------- d-----w C:\Program Files\T-Com ADSL driver
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-11-23 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 19:06 C:\WINDOWS\soundman.exe]
"Device Detector"="DevDetect.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-24 15:20]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-24 13:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-11 10:18]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"StartMenuLogoff"=1 (0x1)
"NoChangeStartMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"MaxRecentDocs"=11 (0xb)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-11-15 12:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]


*Newly Created Service* - WMIAPSRV

Contents of the 'Scheduled Tasks' folder
2007-06-26 14:30:05 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-06-06 18:14:55 C:\WINDOWS\tasks\RegSweep Scheduled Scan.job
2007-06-19 09:22:00 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-20 0939 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 20:00:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 20:01:03
C:\ComboFix-quarantined-files.txt ... 2007-06-26 20:00

--- E O F ---
Incident Status Location

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.kinghost.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[c.goclick.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.c2.gostats.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.clickbank.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-1.txt[.xiti.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.maxserving.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.2o7.net/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.kinghost.com/]
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[c.goclick.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.c2.gostats.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.clickbank.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.toplist.cz/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies-2.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.com.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cookies.txt[.xiti.com/]
Virus:Malware Generic Disinfected C:\Program Files\Advanced Uninstaller\LoderRunOnce.exe
Virus:Malware Generic Disinfected C:\Program Files\Advanced Uninstaller\Monitor_Patch.exe
Virus:Malware Generic Disinfected C:\Program Files\Advanced Uninstaller\uninstaller_Patch.exe
Adware:Adware/SweetBar Not disinfected C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2A457B43-8EBF-4EBD-A654-F33BC0\014F59F0-69AD-48CC-BD44-E91F0E
Adware:Adware/WhenUSearch Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3387DA5E-7339-4C94-B2C1-B380DF\4E020DB5-FD4D-46DF-8978-D44E09
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\system32\closeapp.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected D:\Downloads\ComboFix.exe[nircmd.exe]
Adware:Adware/WUpd Not disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0128921.exe
Virus:Malware Generic Disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0129844.exe
Virus:Malware Generic Disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130363.exe
Potentially unwanted tool:Application/Psshutdown.A Not disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130746.exe
Virus:Malware Generic Disinfected D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130864.exe
Niazcro is offline  
Old 06-26-2007, 01:07 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Here are the files you wanted me to post. My computer has been running relatively smoothly today. I suppose if you find nothing in these reports, I'll just deal with occasional over-usage, so it's not an emergency. But if you think this requires further looking into, I'll be happy to cooperate and solve this issue. Until it drives me completely nuts, at least. Kidding...
Niazcro is offline  
Old 06-26-2007, 04:02 PM   #9 (permalink)
Analyst, Security Team
 
alba's Avatar
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: CPU Usage 100% when online

Hi Niazcro,

ComboFix did a good job; just a bit of tidying to do.

I see you kept NOD. Good choice; it is the one I use myself.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

========================

Open Notepad and copy/paste the text in the code box below into it:

Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\"winjvd32"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\2awtsrpp2=-
Save this as ComboFix-Do.txt, in the same location as ComboFix.exe




Referring to the picture above, drag ComboFix-Do.txt onto ComboFix.exe.

Follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


===============================================

From Control Panel->Add/Remove Programs, uninstall the following programs, if present:
  • Advanced Uninstaller PRO 2005 - version 7
  • J2SE Runtime Environment 5.0 Update 9

=================

Run a scan with Teka.exe (located in C:\Program Files\HijackThis), select/tick the following & click "Fix checked":

O20 - Winlogon Notify: awtsrpp - C:\WINDOWS\
O20 - Winlogon Notify: winjvd32 - C:\WINDOWS\



Please remember to close all other windows, including browsers then click Fix checked.

===============================================


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\Advanced Uninstaller
  • C:\Program Files\Alwil Software
  • C:\PROGRA~1\Grisoft
If you have any problems, reboot into Safe Mode to do the deletions.
=======================

Please empty your Microsoft AntiSpyware Quarantine

====================================

Open Mozilla Firefox, then:
  • Click on Tools
  • Click on Options
  • Click on Privacy
  • Click on Clear Now for Cookies and Cache

======================

Please reboot your computer

From your desktop, double-click jre-6-windowsi586-p.exe to install the newest version.

=============================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display whether your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.


===================

Please Run a scan with Deckard's System Scanner and save the log

===============================================

In your next post, please include fresh logs from:
  • Kaspersky Online scan
  • main.txt
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Go raibh maith agat (Irish: thank you).
alba is offline  
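The two O20 entries alba asks to fix above are Winlogon Notify packages whose DllName points at a bare directory (C:\WINDOWS\) and whose value names still carry the quotes and "=-" of an earlier, half-applied removal. Notify DLLs are loaded into winlogon.exe as SYSTEM, so an entry with no real DLL, a missing file, or a DLL outside system32 is exactly what a helper scans an O20 section for. The following is an added example, not code from this thread, from HijackThis or from ComboFix: it parses the O20 lines of a HijackThis 1.99.1 log and lists the entries that deserve a look. The sample input is the three O20 lines from the log posted in this thread plus one unrelated O4 line and one constructed legitimate entry (igfxcui); the system32 path is assumed from the C:\WINDOWS paths in the log, and the reason strings and function names are this example's own.

```python
"""Flag orphaned or misplaced Winlogon Notify packages in a HijackThis log."""
import re

# Directory winlogon.exe runs from on the machine in this thread
# (assumption: taken from the "C:\WINDOWS" paths in the posted log).
SYSTEM32 = "c:\\windows\\system32\\"

# HijackThis 1.99.1 prints each Notify package as:
#   O20 - Winlogon Notify: <value name> - <DllName>
O20_RE = re.compile(r"^O20 - Winlogon Notify:\s*(?P<name>.+?)\s+-\s+(?P<path>.*)$")

# A Notify package's name is a plain registry key name; quotes, '=' or '-'
# in it are the fingerprint of a half-removed entry, as in the posted log.
NAME_OK_RE = re.compile(r"[A-Za-z0-9_.]+")

R_MISSING = "file missing"
R_BARE_DIR = "no DLL file name (bare directory)"
R_NOT_DLL = "DllName is not a .dll"
R_OUTSIDE = "DLL outside system32"
R_ODD_NAME = "value name contains unexpected characters"


def parse_o20(line):
    """Return (name, path) for an O20 line, None for any other log line."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("path")


def assess(name, path):
    """List the reasons an O20 entry deserves a look; an empty list means fine."""
    reasons = []
    low = path.strip().lower()
    if "(file missing)" in low:           # HijackThis could not find the DLL
        reasons.append(R_MISSING)
        low = low.replace("(file missing)", "").strip()
    filename = low.rsplit("\\", 1)[-1]
    if not filename:                      # e.g. "C:\WINDOWS\" with nothing after it
        reasons.append(R_BARE_DIR)
    else:
        if not filename.endswith(".dll"):
            reasons.append(R_NOT_DLL)
        # A bare file name is resolved by the loader from winlogon's own
        # directory, so only a path containing directories can point elsewhere.
        if "\\" in low and not low.startswith(SYSTEM32):
            reasons.append(R_OUTSIDE)
    if not NAME_OK_RE.fullmatch(name.strip()):
        reasons.append(R_ODD_NAME)
    return reasons


def find_suspicious(log_text):
    """Return [(name, path, reasons)] for every O20 line with at least one reason."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_o20(line)
        if parsed is None:
            continue
        name, path = parsed
        reasons = assess(name, path)
        if reasons:
            hits.append((name, path, reasons))
    return hits


# Sample input (constructed for this example): the three O20 lines from the
# log posted in this thread, one unrelated O4 line, and one made-up
# legitimate entry (igfxcui) to show a clean result.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: "winjvd32"=- - C:\WINDOWS\
O20 - Winlogon Notify: 2awtsrpp2=- - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for name, path, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{name!r:20} {path!r:40} {', '.join(reasons)}")
```

Run against the sample, only the two orphaned entries are reported (bare directory plus odd value name); WgaLogon and the constructed igfxcui line pass. The checks are deliberately about shape, not a whitelist of DLL names, so an unfamiliar but correctly placed Notify DLL is left for a human to judge rather than silently accepted or rejected.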
Old 06-27-2007, 05:59 AM   #10 (permalink)
Registered User
 
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-27 at 14:54:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:55:23, on 27.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: "winjvd32"=- - C:\WINDOWS\
O20 - Winlogon Notify: 2awtsrpp2=- - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- Files created between 2007-05-27 and 2007-06-27 -----------------------------

2007-06-27 13:03:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-27 13:03:25 0 d-------- C:\WINDOWS\LastGood
2007-06-27 12:58:38 0 d-------- C:\Program Files\Common Files\Java
2007-06-26 20:23:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 19:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames


-- Find3M Report ---------------------------------------------------------------

2007-06-27 12:59:09 0 d-------- C:\Program Files\Java
2007-06-27 12:51:53 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-26 21:05:30 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-26 21:05:24 0 d-------- C:\Program Files\Winamp
2007-06-26 21:01:22 0 d-------- C:\Program Files\MSN Messenger
2007-06-26 20:56:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\"winjvd32"=-
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\2awtsrpp2=-

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-27 at 14:55:50 ---------







"Teka" - 2007-06-27 12:37:22 - ComboFix 07-06-27 - Service Pack 2 NTFS
Command switches used :: D:\Downloads\ComboFix-DO.txt


((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


2007-06-26 20:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 19:56 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 10:21 <DIR> d-------- C:\Deckard
2007-06-24 13:18 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-24 13:18 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-24 13:18 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-23 13:32 <DIR> dr-h----- C:\DOCUME~1\Teka\APPLIC~1\SecuROM
2007-06-23 13:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-06-10 15:56 <DIR> d-------- C:\Program Files\Windows Live
2007-06-08 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-06 20:14 <DIR> d-------- C:\DOCUME~1\Teka\APPLIC~1\RegSweep
2007-06-06 11:56 <DIR> d-------- C:\WINDOWS\pss
2007-06-05 10:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-06-05 10:20 610,304 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-05 10:20 <DIR> d-------- C:\WINDOWS\CSC
2007-06-04 12:31 <DIR> d-------- C:\Program Files\IObit
2007-06-03 10:30 <DIR> d-------- C:\VundoFix Backups
2007-05-30 21:08 <DIR> d-------- C:\Program Files\DivX
2007-05-27 15:05 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-27 13:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\Teka\Saved Games
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\Teka\APPLIC~1\FloodLightGames
2007-05-27 13:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-27 06:39:46 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-06-26 19:05:30 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-06-26 19:05:24 -------- d-----w C:\Program Files\Winamp
2007-06-26 19:01:22 -------- d-----w C:\Program Files\MSN Messenger
2007-06-26 18:56:21 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-26 18:49:36 -------- d-----w C:\Program Files\Advanced Uninstaller
2007-06-24 11:12:38 -------- d-----w C:\Program Files\sollab
2007-06-23 11:32:05 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-22 14:07:55 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\DMCache
2007-06-12 11:58:03 77,312 ----a-w C:\WINDOWS\ua2.dll
2007-06-05 10:36:37 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd7661.sys
2007-06-04 09:39:06 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Uniblue
2007-06-04 09:38:58 -------- d-----w C:\Program Files\Uniblue
2007-05-30 19:08:48 5,141 ----a-w C:\WINDOWS\mozver.dat
2007-05-26 13:57:21 -------- d-----w C:\Program Files\Yahoo!
2007-05-26 13:55:08 -------- d-----w C:\Program Files\Common Files\ACD Systems
2007-05-25 11:23:13 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Comodo
2007-05-24 13:20:40 -------- d-----w C:\Program Files\Comodo
2007-05-24 12:01:09 -------- d-----w C:\Program Files\Common Files\Real
2007-05-24 12:00:38 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Real
2007-05-24 12:00:36 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-05-24 12:00:35 -------- d-----w C:\Program Files\Rhapsody
2007-05-23 18:46:24 81,550 ----a-w C:\WINDOWS\system32\mi2.exe
2007-05-20 15:14:50 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-05-20 15:13:44 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-05-20 15:11:33 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\uTorrent
2007-05-20 11:10:55 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-05-20 11:09:47 -------- d-----w C:\Program Files\ReflexiveArcade
2007-05-20 1008 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 21:07:10 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\Screenshot Sender
2007-05-13 18:51:11 -------- d-----w C:\Program Files\RSSOwl
2007-05-10 18:12:06 -------- d-----w C:\Program Files\LimeWire
2007-05-10 17:37:48 -------- d-----w C:\Program Files\Google
2007-05-02 18:53:28 -------- d-----w C:\Program Files\Ashampoo
2007-05-02 18:52:05 -------- d-----w C:\Program Files\Alwil Software
2007-04-29 13:42:08 -------- d-----w C:\Program Files\Macrogaming
2007-04-29 10:45:53 -------- d-----w C:\Program Files\SecondLife
2007-04-29 10:34:02 -------- d-----w C:\DOCUME~1\Teka\APPLIC~1\SecondLife
2007-04-28 18:52:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-04-28 09:13:42 -------- d-----w C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 07:27:40 -------- d-----w C:\Program Files\T-Com ADSL driver
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 18:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"="atiptaxx.exe" [2005-11-23 03:05 C:\WINDOWS\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 19:06 C:\WINDOWS\soundman.exe]
"Device Detector"="DevDetect.exe" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-05-24 15:20]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-24 13:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-11 10:18]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"StartMenuLogoff"=1 (0x1)
"NoChangeStartMenu"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"MaxRecentDocs"=11 (0xb)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-11-15 12:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\"winjvd32"=-]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\2awtsrpp2=-]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsrpp]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]


*Newly Created Service* - WMIAPSRV

Contents of the 'Scheduled Tasks' folder
2007-06-27 10:30:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-06-06 18:14:55 C:\WINDOWS\tasks\RegSweep Scheduled Scan.job
2007-06-19 09:22:00 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-05-20 0939 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 12:39:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 12:40:09
C:\ComboFix-quarantined-files.txt ... 2007-06-27 12:39
C:\ComboFix2.txt ... 2007-06-26 20:01

--- E O F ---
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 27, 2007 2:54:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/06/2007
Kaspersky Anti-Virus database records: 354272
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 76851
Number of viruses found 8
Number of infected objects 18 / 0
Number of suspicious objects 0
Duration of the scan process 01:39:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_344.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\cert8.db Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\history.dat Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\key3.db Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\parent.lock Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Teka\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Teka\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Application Data\Mozilla\Firefox\Profiles\rmleubct.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\History\History.IE5\MSHist012007062720070628\index.dat Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Temp\Perflib_Perfdata_124.dat Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Temp\Perflib_Perfdata_14c.dat Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Temp\~DF15F6.tmp Object is locked skipped
C:\Documents and Settings\Teka\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Teka\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Teka\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Microsoft AntiSpyware\Quarantine\3387DA5E-7339-4C94-B2C1-B380DF\4E020DB5-FD4D-46DF-8978-D44E09 Infected: not-a-virus:AdWare.Win32.SaveNow.bs skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_1138.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{132C3C4D-7DF0-4A3C-B271-CE0268C9DE06}\RP137\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7B15A2F6-C795-41C8-9595-BBCBC4DFE5B1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7661.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem - When Im Gone - Curtain Call.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-V-Papa-Doc_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\8-Mile-Battle-Vs-Lyckity-Splyt_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\fast_sky.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\fast_sky_data\get.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\fast_sky_data\get_data\media58363.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Bully-Full_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\fast_sky.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\fast_sky_data\get.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Christmas-Stan-Parody_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Crazy-In-Love_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\fast_sky.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\fast_sky_data\get.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\fast_sky_data\get_data\cp.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\fast_sky_data\get_data\cp_002.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Dear-Marshall-Eminem-s-Mom_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\flash_top.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\flash_top_data\loader.swf Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news_data\bio.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news_data\bio_data\mainstyle.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news_data\header01.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news_data\header01_data\head_aro.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news_data\side05.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\EMINEM ENCORE_files\index_news_data\side05_data\side05.swf Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\fast_sky.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\fast_sky_data\get.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\fast_sky_data\get_data\media51413.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Evil-Deeds_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\mockingbird.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\fast_sky.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mosh_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Mother-Mother_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road.html Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\a.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\ads.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\dots.gif Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\fast_sky.htm Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\popReport.js Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\show_ads Object is locked skipped
D:\Glazba\Ana Tekich\Eminem\Eminem Lyrics\Yellow-Brick-Road_files\style.css Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Aaliyah - Try Again.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Alicia Keyes - Girlfriend.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Alicia Keys feat. Usher - My Boo.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Ashlee Simpson - Pieces Of Me.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Avril Lavigne - Nobody's Home.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\BB Stanari - Big Božić Song.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Beyonce - Baby Boy (Feat. Sean Paul).mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Beyonce - That's How You Like It (Feat. Jay-Z).mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Bro'Sis - Missing An Angel.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Cher - If I Could Turn Back The Time.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Cindy Lauper - Girls Just Wanna Have Fun.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Culture Club - Carma Chameleon.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Cutting Crew - (I Just) Died In Tour Arms.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Daniel Bedingfield - I gotta get through this.cda Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Debelh Morgan - Dance For Me.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Destiny's Child - 07 - Sexy Daddy.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Destiny's Child - 13 - Emotion.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Destiny's Child - Lose My Breath.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Destiny's Child - Say My Name.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Dido - Here With Me.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Dido - Hunter.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Enrique Iglesias - Hero (slow version).mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Era - Ameno.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Eve Feat. Alicia Keys - Gangsta Lovin.Mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Four Non Blondes - What's Going On.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Gwen Steffani - What You Waiting For.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Jennifer Paige - Crush.cda Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\JoJo feat. Lil Bow Wow - Baby It's You.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\K-Maro - Femme Like U.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Kelly Rowland - Dilemma.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Limp Bizkit - Take a look around.cda Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Linking Park & Jay-Z - Numb Vs. Encore.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Lorna - Papi Chulo (Extended Remix).mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Maroon 5 - She Will Be Loved.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Mary J. Blige - Family Affair.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Mary J. Blige - No More Drama.MP3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Massimo - Bacila je sve niz rijeku.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Mya - Case Of The Ex.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Natasha Bedingfield - These Words.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Nelly ft Christina Aguilera - Tilt Ya Head Back.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Nelly Furtado - I'm Like A Bird.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\R. Kelly - Fiesta.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Roxette - It Must Been Love.MP3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Toše Proeski - Nikada.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Toše Proeski - Što si otišla.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Usher - 06 - Burn.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Lana-strane\Lana - strane2\Vlatka Pačarić - Big Brother Song (Radio TV Edit).mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\20. Ibrica Jusić - .mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\2Pac - Ghetto Gospel (Feat. Akon).mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Akon-Lonely.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\AMV - Final Fantasy VIII IX X- System Of A Down - Chop Suey.mpeg Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\ashanti feat murda inc - foolish.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Ashanty - Happy.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Creed - One last breath.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Creed-Sacrifice.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Dino Dvornik - Ti Si Mi U Mislima.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\DJ QUICK SILVER - Ameno.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Iron Maiden-Fear of The Dark.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\JAMELIA - Thank You 1.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Kylie Minogue-On A Night Like This.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Magazin - Kokolo.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\MTV all stars - what's going on.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\N SYNC - pop.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Plavi - Orkestar - Sava tiho tece.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Plavi orkestar - Bolje biti pijan nego star.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\SARAH CONNOR FEAT TQ - let's get back to bed boy.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Tomislav Ivcic - Veceras je nasa festa.mp3 Object is locked skipped
D:\Glazba\Ana Tekich\Obrovac mix\Pero N64\Wyclef Jean - Wish You Were Here (Pink Floyd Cover).mp3 Object is locked skipped
D:\Glazba\Domaće\Pivnica\Toše Proeski - Nikada.mp3 Object is locked skipped
D:\Glazba\Domaće\Pivnica\Toše Proeski - Što si otišla.mp3 Object is locked skipped
D:\Slike\Designe\Bryce\green_forest.jpg Object is locked skipped
D:\Slike\Designe\Color3\Escape2.jpg Object is locked skipped
D:\Slike\Designe\Color3\win_dragon.jpg Object is locked skipped
D:\Slike\Designe\Designe7\setupbikini6.exe Object is locked skipped
D:\Slike\Designe\Sex Cafe\SeX Slike 4\010.jpg Object is locked skipped
D:\Slike\Designe\Sex Cafe\Sex Slike 6\08-04.jpg Object is locked skipped
D:\Slike\Designe\Sex Cafe\Sex Slike 6\10-02.jpg Object is locked skipped
D:\Slike\Designe\Sex Cafe\Sex Slike 6\10-04.jpg Object is locked skipped
D:\Slike\Designe\Sex Cafe\Sex Slike 6\nautica01-101.jpg Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP468\A0127985.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0128921.exe/data0004 Infected: not-a-virus:AdWare.Win32.WinAD.ab skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0128921.exe Inno: infected - 1 skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130254.exe/data0011/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130254.exe/data0011/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130254.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130254.exe Inno: infected - 3 skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130357.exe/WISE0021.BIN/dapiebar.dll Infected: not-a-virus:AdWare.Win32.Dap.c skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130357.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Dap.c skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130357.exe WiseSFX: infected - 2 skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130358.exe/irsetup.dat Infected: Trojan.Win32.VB.ac skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130358.exe/sysmon.exe Infected: Trojan.Win32.VB.ac skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130358.exe SetupFactory: infected - 2 skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130361.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130361.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130361.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130361.exe RarSFX: infected - 3 skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130812.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130813.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130815.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130819.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130822.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130824.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130825.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130826.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130828.lnk Object is locked skipped
D:\System Volume Information\_restore{E76877C0-CD1A-4222-9784-43C353BFAE41}\RP484\A0130831.lnk Object is locked skipped
Scan process completed.
06-27-2007, 07:55 AM   #11
alba (Analyst, Security Team)
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: CPU Usage 100% when online

Hi Niazcro

We are almost there now.

Run a scan with Teka.exe (located in C:\Program Files\HijackThis), select/tick the following & click "Fix checked":

O20 - Winlogon Notify: "winjvd32"=- - C:\WINDOWS\
O20 - Winlogon Notify: 2awtsrpp2=- - C:\WINDOWS\



Please remember to close all other windows, including browsers, then click Fix checked.

Please run another scan with Deckard's System Scanner (DSS) and post the Main.txt here
__________________
Member of UNITE
If I have helped you in any way, please DONATE to TSF. Go raibh maith agat (Irish: thank you)
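The two O20 lines alba asks to fix are Winlogon Notify entries with no DLL name behind them. The script below is an added example, not code from the thread or from HijackThis: it enumerates the same registry key HJT reads for its O20 lines and flags entries with an empty or missing DllName, plus packages that are not part of a default Windows XP SP2 install. It assumes Windows PowerShell 2.0 or later on an elevated prompt; the allowlist of default XP package names is an assumption for triage, not an authoritative list.

```powershell
# Added example, not part of the original thread: enumerate the Winlogon Notify
# packages that HijackThis reports as "O20 - Winlogon Notify" lines. Each subkey
# under this registry key names a DLL that winlogon.exe loads at logon, which is
# why malware favours it for persistence; the "winjvd32" and "2awtsrpp2" entries
# above are examples with no DLL name left behind them.
# Assumes Windows PowerShell 2.0 or later, run from an elevated prompt.

$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

# Notify packages present on a default Windows XP SP2 install (assumed list).
# Treat this as a triage hint, not a complete allowlist: legitimate add-ons such
# as WgaLogon (Windows Genuine Advantage, visible in the DSS log) are not in it.
$KnownXpPackages = @('crypt32chain', 'cryptnet', 'cscdll', 'ScCertProp',
                     'Schedule', 'sclgntfy', 'SensLogn', 'termsrv', 'wlballoon')

function Resolve-NotifyDll([string]$DllName) {
    # A bare file name is loaded from %SystemRoot%\system32; anything else is
    # taken literally after expanding environment variables.
    $expanded = [Environment]::ExpandEnvironmentVariables($DllName)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    return Join-Path $env:SystemRoot ('system32\' + $expanded)
}

function Get-WinlogonNotifyReport {
    Get-ChildItem -Path $NotifyKey -ErrorAction SilentlyContinue | ForEach-Object {
        $package   = $_.PSChildName
        $dllName   = [string](Get-ItemProperty -Path $_.PSPath).DllName
        $path      = $null
        $signature = $null
        $status    = 'OK'

        if ($dllName -eq '') {
            # No DllName value: this is what HJT renders as "=- - C:\WINDOWS\".
            # Either a dead leftover or an entry whose value is being hidden.
            $status = 'EMPTY DllName: remove'
        } else {
            $path = Resolve-NotifyDll $dllName
            if (-not (Test-Path -LiteralPath $path)) {
                $status = 'MISSING file: remove'
            } else {
                # Before PowerShell 5.1 this only sees embedded signatures, and
                # most OS DLLs are catalog-signed, so "NotSigned" on a known
                # package is expected; an unknown package name is the real signal.
                $signature = (Get-AuthenticodeSignature -FilePath $path).Status
                if ($KnownXpPackages -notcontains $package) {
                    $status = 'not a default XP package: review'
                }
            }
        }

        New-Object PSObject -Property @{
            Package   = $package
            DllName   = $dllName
            Path      = $path
            Signature = $signature
            Status    = $status
        }
    }
}

Get-WinlogonNotifyReport | Format-Table Package, DllName, Signature, Status -AutoSize
```

HijackThis "Fix checked" on an O20 line deletes the corresponding subkey under this Notify key; the PowerShell equivalent is Remove-Item on that subkey with -Recurse. Run the report again after the fix and after a reboot: an entry that comes back is being re-created by something still running, and the DSS log rather than HJT is the place to look for it.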
06-27-2007, 08:01 AM   #12
Niazcro (Registered User)
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Deckard's System Scanner v20070611.50
Run by Teka on 2007-06-27 at 17:02:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Teka.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:02:29, on 27.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Teka\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Teka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tportal.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tportal.hr/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: T-Com - {640D51F7-EA3D-4F9A-A3A2-F803112C2C74} - C:\Program Files\Internet Explorer\SIGNUP\HTnet Start.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tportal.hr/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F6F78B7-0E69-40CF-80E6-86A10019C6AC}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe


-- Files created between 2007-05-27 and 2007-06-27 -----------------------------

2007-06-27 13:03:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-27 13:03:25 0 d-------- C:\WINDOWS\LastGood
2007-06-27 12:58:38 0 d-------- C:\Program Files\Common Files\Java
2007-06-26 20:23:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 19:48:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-06-24 13:18:38 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-06-23 13:32:06 0 dr-h----- C:\Documents and Settings\Teka\Application Data\SecuROM
2007-06-23 13:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-06-10 15:56:21 0 d-------- C:\Program Files\Windows Live
2007-06-08 2233 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-06-06 20:14:24 0 d-------- C:\Documents and Settings\Teka\Application Data\RegSweep
2007-06-06 11:56:16 0 d-------- C:\WINDOWS\pss
2007-06-05 10:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-05 10:20:11 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-05 10:20:11 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-05 10:20:11 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-05 10:20:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-05 10:20:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-05 10:20:10 610304 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-05 10:20:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-06-05 10:20:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-05 10:20:02 0 d-------- C:\WINDOWS\CSC
2007-06-04 12:31:14 0 d-------- C:\Program Files\IObit
2007-06-03 10:30:01 0 d-------- C:\VundoFix Backups
2007-05-30 21:08:28 0 d-------- C:\Program Files\DivX
2007-05-27 15:05:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-27 13:21:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Saved Games
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\Teka\Application Data\FloodLightGames
2007-05-27 13:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\FloodLightGames


-- Find3M Report ---------------------------------------------------------------

2007-06-27 12:59:09 0 d-------- C:\Program Files\Java
2007-06-27 12:51:53 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-06-26 21:05:30 0 d-------- C:\Program Files\Windows Live Toolbar
2007-06-26 21:05:24 0 d-------- C:\Program Files\Winamp
2007-06-26 21:01:22 0 d-------- C:\Program Files\MSN Messenger
2007-06-26 20:56:21 0 d-------- C:\Program Files\Messenger Plus! Live
2007-06-24 13:12:38 0 d-------- C:\Program Files\sollab
2007-06-22 16:07:55 0 d-------- C:\Documents and Settings\Teka\Application Data\DMCache
2007-06-12 13:58:03 77312 --a------ C:\WINDOWS\ua2.dll
2007-06-04 11:39:06 0 d-------- C:\Documents and Settings\Teka\Application Data\Uniblue
2007-06-04 11:38:58 0 d-------- C:\Program Files\Uniblue
2007-05-30 21:08:48 5141 --a------ C:\WINDOWS\mozver.dat
2007-05-26 15:57:21 0 d-------- C:\Program Files\Yahoo!
2007-05-26 15:55:08 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-05-25 13:23:13 0 d-------- C:\Documents and Settings\Teka\Application Data\Comodo
2007-05-24 15:20:40 0 d-------- C:\Program Files\Comodo
2007-05-24 14:02:26 4 --a------ C:\WINDOWS\system32\C99967
2007-05-24 14:01:09 0 d-------- C:\Program Files\Common Files\Real
2007-05-24 14:00:38 0 d-------- C:\Documents and Settings\Teka\Application Data\Real
2007-05-24 14:00:35 0 d-------- C:\Program Files\Rhapsody
2007-05-23 20:46:24 81550 --a------ C:\WINDOWS\system32\mi2.exe
2007-05-20 17:11:33 0 d-------- C:\Documents and Settings\Teka\Application Data\uTorrent
2007-05-20 13:10:55 4096 --a------ C:\WINDOWS\d3dx.dat
2007-05-20 13:09:47 0 d-------- C:\Program Files\ReflexiveArcade
2007-05-20 1208 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-14 23:07:10 0 d-------- C:\Documents and Settings\Teka\Application Data\Screenshot Sender
2007-05-13 20:51:11 0 d-------- C:\Program Files\RSSOwl
2007-05-10 20:12:06 0 d-------- C:\Program Files\LimeWire
2007-05-10 19:37:48 0 d-------- C:\Program Files\Google
2007-05-02 20:53:28 0 d-------- C:\Program Files\Ashampoo
2007-04-29 15:42:08 0 d-------- C:\Program Files\Macrogaming
2007-04-29 12:45:53 0 d-------- C:\Program Files\SecondLife
2007-04-29 12:34:02 0 d-------- C:\Documents and Settings\Teka\Application Data\SecondLife
2007-04-28 20:52:09 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-04-28 11:13:42 0 d-------- C:\Program Files\T-Com MAXadsl CD-ROM
2007-04-28 09:27:40 0 d-------- C:\Program Files\T-Com ADSL driver


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"Device Detector"="DevDetect.exe -autorun"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue SpeedUpMyPC"="C:\\Program Files\\Uniblue\\SpeedUpMyPC\\SpeedUpMyPC.exe -s"
"msnmsgr"="~\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoSMMyDocs"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoSMMyPictures"=dword:00000000
"StartMenuLogoff"=dword:00000001
"NoChangeStartMenu"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"MaxRecentDocs"=dword:0000000b
"NoStartMenuMFUprogramsList"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WMIAPSRV


-- End of Deckard's System Scanner: finished at 2007-06-27 at 17:02:49 ---------
06-27-2007, 12:12 PM   #13
alba (Analyst, Security Team)
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: CPU Usage 100% when online

Your log is clean. If there aren't any more problems, please continue with these final instructions.

C:\QooBox\ & C:\VundoFix Backups\ should be deleted/removed

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
    Go to Start → Run → type control sysdm.cpl,,4 & press Enter
    • Tick the checkbox - Turn off System Restore on all drives
    • Click Apply
    Turn it back 'On' by unticking the same checkbox & click OK


  2. DISABLE THE VIEWING OF SYSTEM FILES
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Untick - Show hidden files and folders
    • Tick - Hide file extensions for known types
    • Tick - Hide protected operating system files
    Click Yes to confirm & then click OK


  3. SECURING INTERNET EXPLORER
    From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Select the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Select Custom Level .
        • Change 'Download signed ActiveX controls' to Prompt
        • Change 'Download unsigned ActiveX controls' to Disable
        • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
        • Change 'Installation of desktop items' to Prompt
        • Change 'Launching programs and files in an IFRAME' to Prompt
        • Change 'Navigate sub-frames across different domains' to Prompt
        • When all these changes have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Select OK to exit the Internet Properties page.


  4. ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  5. FIREWALL
    Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html


  6. MICROSOFT WINDOWS UPDATE → http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  7. SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html

  8. AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html


  9. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html


  10. IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here → http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • http://cleanup.stevengould.org/ - CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • http://www.winpatrol.com/ - Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here: http://www.winpatrol.com/features.html

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the HijackThis folder in a couple of weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
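Steps 2 and 3 of alba's checklist are registry changes made through two dialogs, which means nothing in the procedure confirms they took effect. The script below is an added example, not part of the original post: it writes the same Internet zone and Folder Options values directly and then reads them back, so a mismatch is reported instead of silently ignored. It assumes Windows PowerShell 2.0 or later, run as the user whose profile is being hardened (all keys are under HKCU); the numeric value names are the URL-action IDs that the Custom Level dialog writes for the Internet zone.

```powershell
# Added example, not part of the original post: apply the Internet Explorer
# "Custom Level" and Explorer "Folder Options" settings from the checklist
# through the registry, then read them back so the result is verified rather
# than assumed. Assumes Windows PowerShell 2.0 or later, run as the user being
# hardened (the keys live under HKCU). For the zone values, 0 = Enable,
# 1 = Prompt, 3 = Disable.

$InternetZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'   # zone 3 = Internet
$DesiredZone = @{
    '1001' = 1   # Download signed ActiveX controls                          -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls                        -> Disable
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
    '1800' = 1   # Installation of desktop items                             -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME                 -> Prompt
    '1607' = 1   # Navigate sub-frames across different domains              -> Prompt
}

$ExplorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$DesiredView = @{
    'Hidden'          = 2   # "Show hidden files and folders" unticked
    'HideFileExt'     = 1   # "Hide file extensions for known types" ticked
    'ShowSuperHidden' = 0   # "Hide protected operating system files" ticked
}

function Set-DesiredValues([string]$Key, [hashtable]$Desired) {
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    foreach ($name in $Desired.Keys) {
        Set-ItemProperty -LiteralPath $Key -Name $name -Value $Desired[$name] -Type DWord
    }
}

function Test-DesiredValues([string]$Key, [hashtable]$Desired) {
    # Emits one line per mismatch; no output means the key matches the checklist.
    $actual = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    foreach ($name in $Desired.Keys) {
        $value = if ($actual) { $actual.$name } else { $null }
        if ($value -ne $Desired[$name]) {
            "$Key\$name is '$value', expected $($Desired[$name])"
        }
    }
}

Set-DesiredValues $InternetZone $DesiredZone
Set-DesiredValues $ExplorerAdvanced $DesiredView

$problems = @(Test-DesiredValues $InternetZone $DesiredZone) +
            @(Test-DesiredValues $ExplorerAdvanced $DesiredView)
if ($problems.Count -eq 0) {
    'All Internet zone and Explorer view settings match the checklist.'
} else {
    $problems
}
```

Internet Explorer reads the zone values when it starts, so close and reopen it after running this, and new Explorer windows pick up the view settings. Two things the read-back cannot see: a machine-wide policy under HKLM\Software\Policies can override these per-user values, and malware that survives the cleanup can simply rewrite them, so re-running only the Test-DesiredValues part a few days later is a cheap way to notice either.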
06-27-2007, 03:31 PM   #14
Niazcro (Registered User)
Join Date: Jun 2007
Posts: 8
OS: WinXP


Re: CPU Usage 100% when online

Thank you very much alba, my computer is doing fine now. Not very sure what you did, but it worked. Hope I don't need your help in the future. Best wishes.
All times are GMT -7.
Copyright 2001 - 2009, Tech Support Forum