
#1 · Discussion Starter · Registered · 3 Posts · (Edited)
Hello. I have the pcsecuresystem spyware, which really annoys me.
I searched many sites for help, but none of them helped me much.
I ask you to help me because you are the only group I can count on.
I hope you will find a way to remove that annoying little spyware crap.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 23:08:16, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sound Clips for Messenger\SoundClips.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WallCooler\WallCoolerConsole.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\WallCooler\WallCoolerService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53C24861-FF64-7DC9-8B2E-068911FEBA06} - C:\Program Files\zwvnmtsd\ttzisnmv.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: browser optimizer by rightonadz - {971C3384-F75E-4562-95B3-CBE7417529BC} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsw22D.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\oazkppce.dll
O2 - BHO: (no name) - {D07ADFA5-E534-4957-B3EF-477627C0EB3C} - (no file)
O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll
O3 - Toolbar: The nssfrch - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oazkppce.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundClips] "C:\Program Files\Sound Clips for Messenger\SoundClips.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Wallcooler] "C:\Program Files\WallCooler\WallCoolerConsole.exe" LOGIN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe"
O4 - HKLM\..\Run: [688852fc] "rundll32.exe" "C:\WINDOWS\system32\bbaogaps.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" /S
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\VISUAL~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B0304C4-731E-4908-9FF9-D0D656A4D81D}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: oazkppce - C:\WINDOWS\SYSTEM32\oazkppce.dll
O20 - Winlogon Notify: winubg32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ddkret - {8DE07767-C971-4E28-BE3F-59E55E631A28} - C:\WINDOWS\ddkret.dll
O21 - SSODL: nopctrl - {FCB31598-A49E-4A2E-8438-3895E5E917C3} - C:\WINDOWS\nopctrl.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WallCoolerService - Vedivi Ltd. - C:\Program Files\WallCooler\WallCoolerService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe





Sorry if I made the topic in the wrong place; you can move it where it should be.
 

#2 · TSF Security Manager, Emeritus · 51,795 Posts
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop. We'll use this later.

Download SDFix and save it to your Desktop.

Disconnect from the internet.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

---------------------------------------------------------------------------------------------

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply..
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Once VundoFix has completed its work....

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist and click Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {53C24861-FF64-7DC9-8B2E-068911FEBA06} - C:\Program Files\zwvnmtsd\ttzisnmv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsw22D.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\oazkppce.dll
O2 - BHO: (no name) - {D07ADFA5-E534-4957-B3EF-477627C0EB3C} - (no file)
O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll
O3 - Toolbar: The nssfrch - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - (no file)
O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oazkppce.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [688852fc] "rundll32.exe" "C:\WINDOWS\system32\bbaogaps.dll",b
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: oazkppce - C:\WINDOWS\SYSTEM32\oazkppce.dll
O20 - Winlogon Notify: winubg32 - C:\WINDOWS\



Close HijackThis now.

---------------------------------------------------------------------------------------------

Delete this folder:

C:\Program Files\zwvnmtsd

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Post that log in your next reply.

---------------------------------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
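A worked example of the triage the reply above does by hand, added here and not part of the thread or of HijackThis itself: a Python script that parses HijackThis log lines and flags the structural signals the helper acted on (a start page off Microsoft's domains, entries with no file on disk, Trusted Zone additions, a Winlogon Notify target that is not a DLL, a Run value named by a hex blob that loads a DLL through rundll32, and randomly named modules at the BHO, toolbar, Winlogon Notify and SSODL load points). The sample lines are copied from the first log posted in this thread; the heuristics, thresholds and function names are my own assumptions, tuned to this family rather than offered as a general detector.

```python
"""Triage HijackThis log lines for the load points this infection abused.

Added example, not part of the thread. SAMPLE_LOG is copied from the log
posted above; the heuristics and thresholds are assumptions tuned to this
family (randomly named DLLs, Trusted Zone additions, a hijacked start page).
"""
import re
from dataclasses import dataclass

# A HijackThis line is "<section> - <rest>", e.g. "O2 - BHO: name - {CLSID} - path".
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Run value names such as [688852fc]: a hex blob where a product name belongs.
HEX_RUN_NAME_RE = re.compile(r"\[[0-9a-f]{6,}\]")
# A Windows path ending in .dll or .exe; spaces are allowed inside it, quotes are not.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe)\b", re.IGNORECASE)
# Hosts that IE's own default R0/R1 values point at.
DEFAULT_HOSTS = ("microsoft.com",)

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53C24861-FF64-7DC9-8B2E-068911FEBA06} - C:\Program Files\zwvnmtsd\ttzisnmv.dll
O2 - BHO: (no name) - {D07ADFA5-E534-4957-B3EF-477627C0EB3C} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oazkppce.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [688852fc] "rundll32.exe" "C:\WINDOWS\system32\bbaogaps.dll",b
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - Winlogon Notify: winubg32 - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: ddkret - {8DE07767-C971-4E28-BE3F-59E55E631A28} - C:\WINDOWS\ddkret.dll
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption) for the auto-generated module names this family
    uses: lowercase letters only, six or more of them, and either very few vowels
    or a run of four or more consonants. It is only applied to the load points
    checked in analyse(); ordinary Windows binaries such as ctfmon.exe would trip it."""
    if not re.fullmatch(r"[a-z]{6,}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowels / len(stem) <= 0.2 or longest_run >= 4


def _host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url.strip()).split("/")[0].lower()


def _module_stems(rest: str):
    for path in PATH_RE.findall(rest):
        yield path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def analyse(log_text: str) -> list[Finding]:
    """Return one Finding per (line, reason); lines that trip no check are skipped."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        lower = rest.lower()
        reasons = []
        if rest.endswith("(no file)"):
            reasons.append("orphaned entry: registered object has no file on disk")
        if section in ("R0", "R1"):
            host = _host_of(rest.split("=", 1)[-1])
            if not any(host == h or host.endswith("." + h) for h in DEFAULT_HOSTS):
                reasons.append(f"browser start/search page points at {host}")
        if section == "O15":
            reasons.append("site added to the IE Trusted Zone (relaxed security for that host)")
        if section == "O20" and not lower.endswith(".dll"):
            reasons.append("Winlogon Notify target is not a DLL file")
        if section == "O4" and "rundll32" in lower and HEX_RUN_NAME_RE.search(rest):
            reasons.append("Run value with a hex-blob name loading a DLL through rundll32")
        # Load points this family used for its randomly named modules.
        if section in ("O2", "O3", "O20", "O21") or (section == "O4" and "rundll32" in lower):
            for stem in _module_stems(rest):
                if looks_random(stem):
                    reasons.append(f"randomly named module: {stem}")
        findings.extend(Finding(section, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    {f.line}")
```

Treat the output as a worklist, not a verdict: the randomness test is deliberately limited to the load points this family used, because ordinary names such as ctfmon.exe or RTHDCPL.EXE would trip it, and an entry that passes every check here (the nsw22D.dll "ads_optimizer" BHO in the log, for example) still needs the analyst's judgement.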
 

#3 · Registered · 3 Posts
Here are the logs.

vundofix.txt:



VundoFix V6.6.2

Checking Java version...

Scan started at 22:59:38 20.11.2007

Listing files found while scanning....

C:\windows\system32\oazkppce.dll
C:\windows\system32\oazkppce.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\oazkppce.dll
C:\windows\system32\oazkppce.dll Has been deleted!

Attempting to delete C:\windows\system32\oazkppce.dllbox
C:\windows\system32\oazkppce.dllbox Has been deleted!

Performing Repairs to the registry.
Done!




report.txt:




SDFix: Version 1.115

Run by vedran on uto 20.11.2007 at 23:29

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...

Service NdisWon - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\175376~1 - Deleted
C:\Documents and Settings\vedran\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\vedran\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\vedran\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\vedran\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\vedran\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\vedran\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\bonsws.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\ddkret.dll - Deleted
C:\WINDOWS\nopctrl.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\sawkip.exe - Deleted



Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-20 23:33:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:dna"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Jun 2007 55,808 A..H. --- "C:\WINDOWS\system32\winIogon.exe~"
Sun 21 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 9 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Thu 9 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Fri 19 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT1.tmp"
Tue 13 Nov 2007 444 ...HR --- "C:\Documents and Settings\vedran\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!



And of course the two attachments (main.txt and extra.txt):

Deckard's System Scanner v20071014.68
Run by vedran on 2007-11-20 23:41:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-11-20 22:41:52 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2007-11-19 15:58:45 UTC - RP3 - Uniblue RegistryBooster
1: 2007-11-18 18:46:37 UTC - RP2 - ComboFix created restore point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as vedran.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:42:16, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\WallCooler\WallCoolerService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WallCooler\WallCoolerConsole.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\vedran\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\vedran.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: browser optimizer by rightonadz - {971C3384-F75E-4562-95B3-CBE7417529BC} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundClips] "C:\Program Files\Sound Clips for Messenger\SoundClips.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Wallcooler] "C:\Program Files\WallCooler\WallCoolerConsole.exe" LOGIN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\VISUAL~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B0304C4-731E-4908-9FF9-D0D656A4D81D}: NameServer = 192.168.2.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WallCoolerService - Vedivi Ltd. - C:\Program Files\WallCooler\WallCoolerService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20071120-232735-218 O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
backup-20071120-232735-271 O15 - Trusted Zone: http://click.getmirar.com (HKLM)
backup-20071120-232735-319 O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
backup-20071120-232735-326 O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll
backup-20071120-232735-473 O2 - BHO: (no name) - {D07ADFA5-E534-4957-B3EF-477627C0EB3C} - (no file)
backup-20071120-232735-650 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20071120-232735-652 O2 - BHO: (no name) - {53C24861-FF64-7DC9-8B2E-068911FEBA06} - C:\Program Files\zwvnmtsd\ttzisnmv.dll
backup-20071120-232735-657 O3 - Toolbar: The nssfrch - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - (no file)
backup-20071120-232735-701 O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
backup-20071120-232735-726 O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
backup-20071120-232735-740 O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll
backup-20071120-232735-810 O4 - HKLM\..\Run: [688852fc] "rundll32.exe" "C:\WINDOWS\system32\bbaogaps.dll",b
backup-20071120-232735-862 O20 - Winlogon Notify: winubg32 - C:\WINDOWS\
backup-20071120-232735-943 O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
backup-20071120-232735-946 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R3 catchme - c:\docume~1\vedran\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 WallCoolerService - c:\program files\wallcooler\wallcoolerservice.exe <Not Verified; Vedivi Ltd.; WallCoolerService>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_E0001458&REV_22\4&19FEE395&0&00E4
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_E0001458&REV_22\4&19FEE395&0&00E4
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\BDC65816E600
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\BDC65816E600
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 18:48:28 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 23:28:53 0 d-------- C:\WINDOWS\ERUNT
2007-11-20 23:16:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-20 22:59:38 0 d-------- C:\VundoFix Backups
2007-11-18 00:36:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-18 00:36:12 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-17 21:54:59 0 d-------- C:\Program Files\Activision
2007-11-17 18:17:32 0 d-------- C:\BMW M3 Challenge
2007-11-17 15:36:04 0 d-------- C:\Program Files\RogueRemover FREE
2007-11-17 14:35:25 82496 --a------ C:\WINDOWS\system32\iepnpehi.dll
2007-11-17 14:33:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2007-11-17 14:32:54 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2007-11-17 14:32:51 71232 --a------ C:\WINDOWS\system32\iukvdopi.exe <Not Verified; ; DDC>
2007-11-17 14:32:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2007-11-17 14:32:28 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-11-17 14:32:24 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-11-17 14:32:24 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-11-17 14:32:24 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-17 14:32:04 85056 --a------ C:\WINDOWS\system32\bbaogaps.dll
2007-11-17 14:26:02 82496 --a------ C:\WINDOWS\system32\weclhswb.dll
2007-11-17 14:24:09 71232 --a------ C:\WINDOWS\system32\ctsohcvy.exe <Not Verified; ; DDC>
2007-11-17 14:19:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-17 14:19:34 0 d-------- C:\Program Files\Webroot
2007-11-17 14:19:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-17 14:17:51 0 d-------- C:\Documents and Settings\vedran\Application Data\Webroot
2007-11-17 14:01:13 82496 --a------ C:\WINDOWS\system32\eqonbhkf.dll
2007-11-17 13:58:13 85056 -----n--- C:\WINDOWS\system32\aotuvliq.dll
2007-11-17 13:52:51 71232 --a------ C:\WINDOWS\system32\albneefl.exe <Not Verified; ; DDC>
2007-11-17 13:37:56 82496 --a------ C:\WINDOWS\system32\bbvkdktl.dll
2007-11-17 13:35:13 71232 --a------ C:\WINDOWS\system32\kvxxwtpe.exe <Not Verified; ; DDC>
2007-11-17 13:18:02 82496 --a------ C:\WINDOWS\system32\umbwsepf.dll
2007-11-17 13:15:02 144480 --a------ C:\WINDOWS\system32\pbaidonr.dll
2007-11-17 13:12:02 85056 --a------ C:\WINDOWS\system32\mistliln.dll
2007-11-17 13:09:38 71232 --a------ C:\WINDOWS\system32\kswbkjfr.exe <Not Verified; ; DDC>
2007-11-17 00:52:37 0 d-------- C:\Documents and Settings\vedran\Application Data\PCSecureSystem
2007-11-17 00:49:35 0 d-------- C:\Program Files\Enigma Software Group
2007-11-16 23:30:14 0 d-------- C:\Program Files\mIRC
2007-11-16 23:30:14 0 d-------- C:\Documents and Settings\vedran\Application Data\mIRC
2007-11-16 17:48:28 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-16 17:43:43 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2007-11-16 17:30:15 71232 --a------ C:\WINDOWS\system32\ivqyilco.exe <Not Verified; ; DDC>
2007-11-16 17:28:59 71232 --a------ C:\WINDOWS\system32\vxsdwrol.exe <Not Verified; ; DDC>
2007-11-16 16:28:59 86080 --a------ C:\WINDOWS\system32\pfniyaio.dll
2007-11-14 22:56:08 71232 --a------ C:\WINDOWS\system32\hdunkttt.exe <Not Verified; ; DDC>
2007-11-14 22:41:30 85056 --a------ C:\WINDOWS\system32\faasccup.dll
2007-11-14 22:39:58 71232 --a------ C:\WINDOWS\system32\gofuyxxq.exe <Not Verified; ; DDC>
2007-11-14 21:55:14 85056 --a------ C:\WINDOWS\system32\xokruhpq.dll
2007-11-14 21:54:21 71232 --a------ C:\WINDOWS\system32\gxpitsls.exe <Not Verified; ; DDC>
2007-11-12 23:34:17 0 d-------- C:\Program Files\VisualTrace
2007-11-12 20:09:14 0 d-------- C:\kav
2007-11-12 19:42:49 0 d-------- C:\WINDOWS\BDOSCAN8
2007-11-12 19:30:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-11-12 19:17:11 144480 --a------ C:\WINDOWS\system32\uhswswvh.dll
2007-11-12 19:14:11 71232 --a------ C:\WINDOWS\system32\xaroyqmg.exe <Not Verified; ; DDC>
2007-11-12 18:48:52 0 d-------- C:\Program Files\QuickTime
2007-11-12 18:48:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 18:48:20 0 d-------- C:\Program Files\Apple Software Update
2007-11-12 18:48:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-12 18:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-11 22:21:30 0 d-------- C:\WINDOWS\network diagnostic
2007-11-11 19:14:46 88128 --a------ C:\WINDOWS\system32\sdbrkwet.dll
2007-11-11 19:12:48 71232 --a------ C:\WINDOWS\system32\eiewitdi.exe <Not Verified; ; DDC>
2007-11-11 18:44:49 0 d-------- C:\WINDOWS\nview
2007-11-11 18:39:41 88128 --a------ C:\WINDOWS\system32\waxbfrki.dll
2007-11-11 18:37:24 71232 --a------ C:\WINDOWS\system32\uecxovui.exe <Not Verified; ; DDC>
2007-11-11 18:03:14 71232 --a------ C:\WINDOWS\system32\pqjwbidj.exe <Not Verified; ; DDC>
2007-11-10 20:50:29 0 d-------- C:\Documents and Settings\vedran\Application Data\Uniblue
2007-11-10 20:50:21 0 d-------- C:\Program Files\Uniblue
2007-11-10 20:35:29 71232 --a------ C:\WINDOWS\system32\alqbttux.exe <Not Verified; ; DDC>
2007-11-10 18:03:19 71232 --a------ C:\WINDOWS\system32\tccnxskk.exe <Not Verified; ; DDC>
2007-11-10 14:35:11 71232 --a------ C:\WINDOWS\system32\goydmdgp.exe <Not Verified; ; DDC>
2007-11-09 22:32:37 71232 --a------ C:\WINDOWS\system32\etqmueyr.exe <Not Verified; ; DDC>
2007-11-09 17:16:16 0 d-------- C:\Program Files\Windows Sidebar
2007-11-09 17:16:15 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-09 17:14:45 0 d-------- C:\Program Files\Symantec
2007-11-09 17:14:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-09 17:07:26 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-09 16:51:44 0 d-------- C:\Program Files\MegauploadToolbar
2007-11-09 16:51:44 0 d-------- C:\Documents and Settings\vedran\Application Data\MegauploadToolbar
2007-11-09 16:14:51 71232 --a------ C:\WINDOWS\system32\elqgaijv.exe <Not Verified; ; DDC>
2007-11-09 16:06:04 85056 --a------ C:\WINDOWS\system32\hfrhuosj.dll
2007-11-09 16:00:27 71232 --a------ C:\WINDOWS\system32\gtgoehib.exe <Not Verified; ; DDC>
2007-11-08 23:31:10 71232 --a------ C:\WINDOWS\system32\lfxiogvp.exe <Not Verified; ; DDC>
2007-11-08 22:37:30 71232 --a------ C:\WINDOWS\system32\wluoedkh.exe <Not Verified; ; DDC>
2007-11-08 19:43:09 5680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
2007-11-08 19:39:42 0 d-------- C:\Program Files\INAC
2007-11-08 19:22:02 71232 --a------ C:\WINDOWS\system32\drpbmkrs.exe <Not Verified; ; DDC>
2007-11-08 17:42:25 71232 --a------ C:\WINDOWS\system32\guepgcqr.exe <Not Verified; ; DDC>
2007-11-07 23:32:07 71232 --a------ C:\WINDOWS\system32\imrrikkh.exe <Not Verified; ; DDC>
2007-11-07 22:44:02 71232 --a------ C:\WINDOWS\system32\umtamxad.exe <Not Verified; ; DDC>
2007-11-07 22:42:12 71232 --a------ C:\WINDOWS\system32\tpdbpscs.exe <Not Verified; ; DDC>
2007-11-06 21:48:11 71232 --a------ C:\WINDOWS\system32\vkukmmmv.exe <Not Verified; ; DDC>
2007-11-06 00:29:14 0 d-------- C:\Program Files\MobiRise 3GP Converter
2007-11-05 22:13:35 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-05 22:12:51 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-05 22:12:50 0 d-------- C:\Program Files\Microsoft.NET
2007-11-05 18:34:01 0 d-------- C:\Program Files\Softstunt 3GP Mobile Converter
2007-11-05 18:30:38 0 d-------- C:\3gptemp
2007-11-05 18:28:03 0 d-------- C:\Program Files\MIKSOFT
2007-11-05 18:21:40 487479 --a------ C:\WINDOWS\system32\SkinMagic.dll <Not Verified; Appspeed Inc.; Appspeed SkinMagic Toolkit>
2007-11-05 18:21:40 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2007-11-05 18:21:40 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2007-11-05 18:21:40 0 d-------- C:\WINDOWS\system32\avsplugin
2007-11-05 18:21:40 313344 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-11-05 18:21:40 0 d-------- C:\Program Files\Smallvideosoft
2007-11-03 16:11:14 0 d-------- C:\Program Files\HyCam2
2007-11-01 17:57:59 0 d-------- C:\Program Files\Human Head Studios
2007-11-01 12:12:37 0 d-------- C:\Program Files\AoA Audio Extractor
2007-11-01 11:59:10 0 d-------- C:\Documents and Settings\vedran\Application Data\Vedivi
2007-11-01 11:58:54 0 d-------- C:\Program Files\FDRLab
2007-11-01 11:57:50 0 d-------- C:\Program Files\WinPcap
2007-11-01 11:57:19 0 d-------- C:\Program Files\WallCooler
2007-11-01 00:37:21 0 --a------ C:\Documents and Settings\vedran\hy
2007-11-01 00:34:44 0 --a------ C:\Documents and Settings\vedran\df
2007-10-31 23:06:03 0 dr-h----- C:\Documents and Settings\vedran\Application Data\SecuROM
2007-10-30 22:47:04 0 d-------- C:\Program Files\AnalogX
2007-10-25 21:31:15 0 d-------- C:\Program Files\Common Files\xing shared
2007-10-25 21:30:14 0 d-------- C:\Program Files\Common Files\Real
2007-10-25 21:29:55 0 d-------- C:\Documents and Settings\vedran\Application Data\Real
2007-10-25 20:54:57 0 d-------- C:\Documents and Settings\vedran\Application Data\Adobe
2007-10-25 20:45:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-25 20:45:10 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-25 12:48:13 3786 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-23 22:03:42 40733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-10-23 22:03:40 79875 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-10-23 22:03:40 0 d-------- C:\Program Files\Adssite Games Collection
2007-10-23 21:39:35 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-10-23 20:17:28 0 d-------- C:\Text
2007-10-23 20:17:28 0 d-------- C:\effects
2007-10-23 20:17:27 0 d-------- C:\sound
2007-10-23 20:17:27 0 d-------- C:\Shaders
2007-10-23 20:17:27 0 d-------- C:\saved
2007-10-23 20:17:16 0 d-------- C:\movies
2007-10-23 20:16:24 0 d-------- C:\Levels
2007-10-23 20:16:24 0 d-------- C:\input
2007-10-23 20:16:23 0 d-------- C:\fonts
2007-10-23 20:16:22 0 d-------- C:\driving
2007-10-23 20:16:10 0 d-------- C:\animation
2007-10-23 20:15:37 370688 --a------ C:\mss32.dll
2007-10-23 20:15:37 225280 --a------ C:\MatrixOptions.exe <Not Verified; ; Options Application>
2007-10-23 20:15:37 86016 --a------ C:\FileParser.dll
2007-10-23 20:15:37 131072 --a------ C:\eax.dll <Not Verified; Creative Technology Ltd; EAX Unified>
2007-10-23 20:15:37 86016 --a------ C:\DivxMediaLib.dll
2007-10-23 20:15:37 397312 --a------ C:\DivxDecoder.dll
2007-10-23 20:15:37 0 d-------- C:\actors
2007-10-23 20:15:34 7048659 -----n--- C:\Matrix.exe
2007-10-22 19:21:25 0 d-------- C:\Program Files\Sound Clips for Messenger
2007-10-21 22:30:48 0 d-------- C:\Documents and Settings\vedran\Contacts
2007-10-21 22:30:16 0 d-------- C:\Program Files\Real
2007-10-21 22:29:53 0 d-------- C:\Program Files\MSN Messenger
2007-10-21 19:59:31 0 d-------- C:\Documents and Settings\vedran\Application Data\GetRightToGo
2007-10-21 19:37:19 0 d-------- C:\Documents and Settings\vedran\Application Data\BitTorrent
2007-10-21 19:37:01 0 d-------- C:\Program Files\BitTorrent_DNA
2007-10-21 19:37:01 0 d-------- C:\Documents and Settings\vedran\Application Data\BitTorrent DNA
2007-10-21 12:24:54 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-21 12:24:15 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-21 12:24:15 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-21 12:23:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-21 12:17:56 0 d-------- C:\Program Files\XVid;-)
2007-10-21 12:11:04 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-21 12:10:31 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-21 12:10:31 0 d-------- C:\Program Files\Xvid
2007-10-21 12:08:08 0 d-------- C:\Program Files\WinMPG VideoConvert
2007-10-21 12:00:51 0 d-------- C:\Program Files\Nuclear Coffee
2007-10-20 21:41:01 0 d-------- C:\Documents and Settings\vedran\Shared
2007-10-20 21:41:00 0 d-------- C:\Documents and Settings\vedran\Incomplete
2007-10-20 21:40:51 0 d-------- C:\Documents and Settings\vedran\Application Data\LimeWire
2007-10-20 21:40:42 0 d-------- C:\Program Files\LimeWire
2007-10-20 21:38:53 0 d-------- C:\Program Files\MTA San Andreas
2007-10-20 10:33:07 127488 -ra------ C:\WINDOWS\system\DSETUP.DLL <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® 95>


-- Find3M Report ---------------------------------------------------------------

2007-11-18 00:36:12 0 d-------- C:\Program Files\Common Files
2007-11-17 21:57:26 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-03 13:17:20 0 d-------- C:\Documents and Settings\vedran\Application Data\uTorrent
2007-10-27 12:07:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-25 21:31:47 1444 --a------ C:\WINDOWS\mozver.dat
2007-10-20 10:47:36 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-19 21:02:12 0 d-------- C:\Documents and Settings\vedran\Application Data\WinRAR
2007-10-19 18:50:11 0 d-------- C:\Documents and Settings\vedran\Application Data\Mozilla
2007-10-19 18:35:43 0 d-------- C:\Program Files\Messenger
2007-10-19 17:38:35 0 d-------- C:\Documents and Settings\vedran\Application Data\Macromedia
2007-10-18 21:21:43 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-18 21:21:40 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-18 21:21:15 62 --ahs---- C:\Documents and Settings\vedran\Application Data\desktop.ini
2007-10-18 20:51:15 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-18 20:51:11 0 d-------- C:\Program Files\SystemRequirementsLab
2007-10-18 20:50:28 0 d-------- C:\Documents and Settings\vedran\Application Data\Sun
2007-10-18 20:50:01 0 d-------- C:\Program Files\Java
2007-10-18 20:48:00 0 d-------- C:\Program Files\Common Files\Java
2007-10-18 20:45:54 0 d-------- C:\Program Files\Realtek
2007-10-18 20:44:18 0 d-------- C:\Program Files\Intel
2007-10-18 20:43:55 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-18 20:31:28 0 d-------- C:\Program Files\Movie Maker
2007-10-18 20:30:45 0 d-------- C:\Program Files\Windows NT
2007-10-18 19:38:46 0 d-------- C:\Program Files\Marvell
2007-10-18 19:35:33 0 d-------- C:\Documents and Settings\vedran\Application Data\Identities
2007-10-18 19:31:32 0 d-------- C:\Program Files\microsoft frontpage
2007-10-18 19:31:19 0 -rahs---- C:\MSDOS.SYS
2007-10-18 19:31:19 0 -rahs---- C:\IO.SYS
2007-10-18 19:31:19 0 --a------ C:\CONFIG.SYS
2007-10-18 19:31:19 0 --a------ C:\AUTOEXEC.BAT
2007-10-18 19:28:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-18 19:28:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-18 19:28:10 0 d-------- C:\Program Files\Online Services
2007-10-18 19:27:52 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-18 14:32:03 0 d-------- C:\Program Files\uTorrent
2007-10-17 22:50:33 0 d-------- C:\Program Files\ZD Soft
2007-10-17 22:49:33 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-17 22:04:50 0 d-------- C:\Program Files\DAMN NFO Viewer
2007-10-17 21:34:32 0 d-------- C:\Program Files\BitTorrent
2007-10-17 20:54:17 0 d-------- C:\Program Files\Electronic Arts
2007-09-11 10:17:30 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
09.11.2007 17:19 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [12.12.2006 20:33 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [12.12.2006 20:33 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
"SoundClips"="C:\Program Files\Sound Clips for Messenger\SoundClips.exe" [16.07.2006 15:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 18:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [25.10.2007 21:30]
"Wallcooler"="C:\Program Files\WallCooler\WallCoolerConsole.exe" [13.08.2007 09:09]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [25.08.2007 06:07]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [25.08.2007 05:53]
"isCfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [24.08.2007 10:49]
"NvCplDaemon"="RUNDLL32.exe" [03.08.2004 23:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [20.04.2007 06:05 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [03.08.2004 23:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [19.10.2007 20:16]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [17.11.2007 01:23]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01.03.2007 19:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 23:56]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [17.10.2007 21:34]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 11:54]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [30.10.2007 18:45]

C:\Documents and Settings\vedran\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 19:16:50]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [17.9.2007 15:26:25]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-20 23:42:58 ------------
 

· TSF Security Manager, Emeritus · 51,795 Posts
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please do not wrap logs in bbcode tags. It makes them more difficult to read.

Thanks.

---------------------------------------------------------------------------------------------

Please download the OTMoveIt by OldTimer.
Save it to your desktop. We'll use this shortly.

---------------------------------------------------------------------------------------------


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Adssite Games Collection
Browser Optimizer Adssite
Browser Optimizer Rightonadz


This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware.

---------------------------------------------------------------------------------------------

P2P - I see you have P2P software (LimeWire, µTorrent, BitTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Optional uninstall:

Spy Hunter - see this for more information:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O2 - BHO: browser optimizer by rightonadz - {971C3384-F75E-4562-95B3-CBE7417529BC} - (no file)


Close HijackThis now.

---------------------------------------------------------------------------------------------

  • Run OTMoveIt
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\VundoFix Backups
    C:\WINDOWS\system32\iepnpehi.dll
    C:\WINDOWS\system32\iukvdopi.exe
    C:\WINDOWS\system32\bbaogaps.dll
    C:\WINDOWS\system32\weclhswb.dll
    C:\WINDOWS\system32\ctsohcvy.exe
    C:\WINDOWS\system32\eqonbhkf.dll
    C:\WINDOWS\system32\aotuvliq.dll
    C:\WINDOWS\system32\albneefl.exe
    C:\WINDOWS\system32\bbvkdktl.dll
    C:\WINDOWS\system32\kvxxwtpe.exe
    C:\WINDOWS\system32\umbwsepf.dll
    C:\WINDOWS\system32\pbaidonr.dll
    C:\WINDOWS\system32\mistliln.dll
    C:\WINDOWS\system32\kswbkjfr.exe
    C:\WINDOWS\system32\ivqyilco.exe
    C:\WINDOWS\system32\vxsdwrol.exe
    C:\WINDOWS\system32\pfniyaio.dll
    C:\WINDOWS\system32\hdunkttt.exe
    C:\WINDOWS\system32\faasccup.dll
    C:\WINDOWS\system32\gofuyxxq.exe
    C:\WINDOWS\system32\xokruhpq.dll
    C:\WINDOWS\system32\gxpitsls.exe
    C:\WINDOWS\system32\uhswswvh.dll
    C:\WINDOWS\system32\xaroyqmg.exe
    C:\WINDOWS\system32\sdbrkwet.dll
    C:\WINDOWS\system32\eiewitdi.exe
    C:\WINDOWS\system32\waxbfrki.dll
    C:\WINDOWS\system32\uecxovui.exe
    C:\WINDOWS\system32\pqjwbidj.exe
    C:\WINDOWS\system32\alqbttux.exe
    C:\WINDOWS\system32\tccnxskk.exe
    C:\WINDOWS\system32\goydmdgp.exe
    C:\WINDOWS\system32\etqmueyr.exe
    C:\WINDOWS\system32\elqgaijv.exe
    C:\WINDOWS\system32\hfrhuosj.dll
    C:\WINDOWS\system32\gtgoehib.exe
    C:\WINDOWS\system32\lfxiogvp.exe
    C:\WINDOWS\system32\wluoedkh.exe
    C:\WINDOWS\system32\drpbmkrs.exe
    C:\WINDOWS\system32\guepgcqr.exe
    C:\WINDOWS\system32\imrrikkh.exe
    C:\WINDOWS\system32\umtamxad.exe
    C:\WINDOWS\system32\tpdbpscs.exe
    C:\WINDOWS\system32\vkukmmmv.exe
    C:\WINDOWS\system32\rightonadz-uninst.exe
    C:\WINDOWS\system32\adssite-remove.exe
    C:\Program Files\Adssite Games Collection
    C:\WINDOWS\system32\winIogon.exe~


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the log from OTMoveIt, located here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real-time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
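The OTMoveIt list above was drawn up by the helper; the page does not say how the files were picked, but the scanner log higher up shows the tell-tale pattern behind such lists: files in C:\WINDOWS\system32 with random eight-letter names, dropped in pairs (a .dll and a .exe a couple of minutes apart) and recurring at the same handful of sizes (71232, 82496, 85056, 144480 bytes), most with an empty publisher in the "Not Verified" tag. The script below is an added example, not a tool from the thread or from Deckard's System Scanner: it parses lines in the DSS "Files created" format and applies that heuristic (random-looking name, system32 location, no named publisher, size shared with at least one other such file) to produce a candidate list in OTMoveIt's one-path-per-line form. The sample lines are constructed here in the same format as the log above; the thresholds and the regex for "random-looking" are my assumptions, and genuine eight-letter names such as avisynth.dll or xvidcore.dll show why the size-cluster rule is needed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# One DSS "Files created" / "Find3M" line:
#   <date> <time> <size> <attrs> <path> [<Not Verified; company; product>]
# The path may contain spaces, so it is matched non-greedily up to the
# optional verification tag at the end of the line.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{9}) (?P<path>.+?)"
    r"(?: <(?P<verify>[^>]*)>)?$"
)

# Assumption: the dropper pattern seen in the log is exactly eight lowercase
# letters plus .dll or .exe. Legitimate files can match this too, which is
# why a name match alone is never enough.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample in the DSS format (a subset of the kinds of lines that
# appear in the log above, including three benign eight-letter names).
SAMPLE_DSS = r"""
2007-11-20 22:59:38 0 d-------- C:\VundoFix Backups
2007-11-17 14:35:25 82496 --a------ C:\WINDOWS\system32\iepnpehi.dll
2007-11-17 14:32:51 71232 --a------ C:\WINDOWS\system32\iukvdopi.exe <Not Verified; ; DDC>
2007-11-17 14:32:04 85056 --a------ C:\WINDOWS\system32\bbaogaps.dll
2007-11-17 14:26:02 82496 --a------ C:\WINDOWS\system32\weclhswb.dll
2007-11-17 13:58:13 85056 -----n--- C:\WINDOWS\system32\aotuvliq.dll
2007-11-17 13:15:02 144480 --a------ C:\WINDOWS\system32\pbaidonr.dll
2007-11-16 17:30:15 71232 --a------ C:\WINDOWS\system32\ivqyilco.exe <Not Verified; ; DDC>
2007-11-12 19:30:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-11-12 19:17:11 144480 --a------ C:\WINDOWS\system32\uhswswvh.dll
2007-11-05 18:21:40 313344 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2007-10-21 12:11:04 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-11 10:17:30 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
"""


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str
    verify: Optional[str]


def parse_dss_lines(text: str) -> List[Entry]:
    """Parse every line that matches the DSS file-listing format; skip the rest."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["date"], m["time"], int(m["size"]),
                                 m["attrs"], m["path"], m["verify"]))
    return entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def has_named_publisher(entry: Entry) -> bool:
    """True when the '<Not Verified; company; product>' tag names a company.

    An unsigned file with a named publisher is weak evidence of legitimacy;
    the droppers in the log carry an empty company field ('Not Verified; ; DDC').
    """
    if not entry.verify:
        return False
    parts = [p.strip() for p in entry.verify.split(";")]
    return len(parts) >= 2 and parts[1] != ""


def suspicious_entries(entries: List[Entry], min_cluster: int = 2) -> List[Entry]:
    """Files in system32 with random-looking names, no named publisher,
    and a size shared with at least `min_cluster` such files in total."""
    candidates = [
        e for e in entries
        if not e.attrs.startswith("d")                    # skip directories
        and e.path.lower().startswith(SYSTEM32)
        and RANDOM_NAME_RE.match(basename(e.path))
        and not has_named_publisher(e)
    ]
    size_counts = Counter(e.size for e in candidates)
    return [e for e in candidates if size_counts[e.size] >= min_cluster]


def otmoveit_list(entries: List[Entry]) -> str:
    """Candidate paths, one per line, in the form OTMoveIt expects to be pasted."""
    return "\n".join(e.path for e in suspicious_entries(entries))


if __name__ == "__main__":
    print(otmoveit_list(parse_dss_lines(SAMPLE_DSS)))
```

On the sample this flags the eight paired droppers and leaves avisynth.dll, xvidcore.dll and frapsvid.dll alone, one because its tag names a publisher and the other two because no second file shares their size. Treat the output as a review list for a human, not as something to paste into a file mover unread: a size cluster of two is a low bar, and anything the list names should be checked against the Run keys, BHO entries and Winlogon Notify lines of the same log before it is moved.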
 

· Registered · 3 Posts
Discussion Starter · #5 ·
Sorry for the late reply (I was busy). Some guy came to me and checked if everything is OK, and it is, no more viruses and other things, and checked if I had done something wrong. Thank you for helping :1angel:
 

· TSF Security Manager, Emeritus · 51,795 Posts
Erm... if you have not performed the last instructions I posted, then from where I sit, your machine still has infected files on it.

What, "some guy" has told you all is well? Have any other tools been run since your post #3?

It's your machine, but since you asked for our help, I'd like to see it through to the end, and have you perform the last instructions I posted in post #4.
 