
vundo/searchclick8 help plz


Nimmey


So I've been trying to get rid of this thing myself but can't seem to do it...

I have run the anti-malware program and AVG Pro, and I still have it... it says it finds things and I delete them, yet I still can't do much on my computer.

I will post any logs you require ASAP. Thanks!!


HijackThis log (sorry for the double post)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:15 AM, on 2/26/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SysWOW64\CTsvcCDA.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: C:\WINDOWS\SysWow64\t6al8.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [bionix Wallpaper] "C:\Program Files (x86)\Bionix Wallpaper.exe"
O4 - HKCU\..\Run: [sun Microsystems] C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249755127828
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D760F04B-38E4-48F3-A7CF-32A86C0D197D}: NameServer = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: pedanawe.dll
O21 - SSODL: kibutobib - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)
O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
O22 - SharedTaskScheduler: gahurihor - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8904 bytes

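What a helper does with a log like the one above is mostly pattern triage: autostart and hook locations that legitimate software almost never touches (AppInit_DLLs, SSODL, SharedTaskScheduler), loaders living in Temp or the user profile, machine-generated entry names, a BHO registered with no display name, and a static DNS server list. The script below is an added example, not code from this thread or from HijackThis, that runs those checks over a few lines copied from the log above plus two benign entries for contrast. The folder patterns, the Windows-tree rundll32 rule and the thresholds in looks_random are my own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted above, plus
# two benign entries (AVG tray, Nero monitor) that should pass.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\SysWow64\t6al8.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sun Microsystems] C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D760F04B-38E4-48F3-A7CF-32A86C0D197D}: NameServer = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: pedanawe.dll
O21 - SSODL: kibutobib - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)
O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
"""

# Sections that legitimate software almost never uses (assumption: treat every hit as review-worthy).
HIGH_RISK = {
    "O20": "AppInit_DLLs (injected into every process that loads user32)",
    "O21": "ShellServiceObjectDelayLoad (loaded by Explorer at logon)",
    "O22": "SharedTaskScheduler (loaded by Explorer at logon)",
}
USER_WRITABLE = re.compile(r"\\(Temp|LOCALS~1|Local Settings|Application Data)\\", re.I)
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^\s",]+\.dll)', re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def looks_random(label: str) -> bool:
    """Junk-name test: several letter/digit alternations, or a long name with almost no vowels."""
    core = GUID.sub("", label)  # a {GUID} in a legitimate name is not "random"
    alnum = [c for c in core if c.isalnum()]
    if len(alnum) < 5:
        return False
    transitions = sum(a.isdigit() != b.isdigit() for a, b in zip(alnum, alnum[1:]))
    letters = [c for c in alnum if c.isalpha()]
    vowels = sum(c in "aeiou" for c in core.lower())
    return transitions >= 3 or (len(letters) >= 10 and vowels / len(letters) < 0.2)


def entry_label(section: str, body: str) -> str:
    """Pull the display name HijackThis shows for the entry (file stem if it is only a path)."""
    if section == "O4":
        m = re.search(r"\[([^\]]+)\]", body)
        return m.group(1) if m else ""
    if section in ("O2", "O20", "O21", "O22"):
        after = body.split(":", 1)[1] if ":" in body else body
        name = after.split(" - ")[0].strip()
        return name.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if "\\" in name else name
    return ""


@dataclass
class Finding:
    section: str
    label: str
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for one log line, or None when nothing about it stands out."""
    m = re.match(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$", line.strip())
    if not m:
        return None
    section, body = m.groups()
    label = entry_label(section, body)
    f = Finding(section, label, line.strip())
    if section in HIGH_RISK:
        f.reasons.append(f"{HIGH_RISK[section]}: rarely used by legitimate software")
    if "(file missing)" in body.lower():
        f.reasons.append("orphaned value: target file already gone, delete the entry")
    if USER_WRITABLE.search(body):
        f.reasons.append("target lives in a user-writable profile/Temp folder")
    dll = RUNDLL_DLL.search(body)
    if dll and "\\windows\\" in dll.group(1).lower():
        f.reasons.append(f"rundll32 loads {dll.group(1)} from the Windows tree")
    if section == "O2" and re.search(r"BHO:\s+[A-Za-z]:\\", body):
        f.reasons.append("BHO registered without a display name, only a DLL path")
    if looks_random(label):
        f.reasons.append(f"entry name {label!r} looks machine-generated")
    if section == "O17":
        ips = IPV4.findall(body)
        f.reasons.append("static DNS servers " + ", ".join(ips) + ": confirm each is your ISP's or your DHCP server's")
    return f if f.reasons else None


def triage(log_text: str):
    """Run every line through triage_line and keep only the ones with reasons."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, finding.label or "(no name)")
        for reason in finding.reasons:
            print("   -", reason)
```

Run as-is it reports eight of the ten sample lines and lets the AVG and Nero entries through. The folder rule is deliberately noisy: Google Update and Chrome in the same log also live under Local Settings and would be flagged, so treat the output as a review queue for the helper, not a delete list.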

Hello Nimmey

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section paste in the below in bold:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

====================


OK, try the following please.

Please download DDS and save it to your desktop.

  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open as well as attach.txt.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

attach.txt


OK, give this one a shot please.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  • Download SREng from here: http://www.kztechs.com/sreng/sreng2.zip
  • Extract all content to your Desktop.
  • From the sreng2 folder on your Desktop, double-click SREng.exe to run it.
  • Select: Smart Scan
  • Then click the [Scan] button.
  • When finished, click on the [Save Reports] button and save the log to your Desktop.
  • Please post the content of the SREngLOG.log file in your next reply.


2010-02-27,14:14:11

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional x64 Edition (null)Service Pack 2 (Build 3790) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Creative Detector><C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R> [Creative Technology Ltd]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"> [Nero AG]
<Steam><"c:\program files (x86)\steam\steam.exe" -silent> [(Verified)Valve]
<Aim6><"C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp> [(Verified)AOL LLC]
<NCsoft Launcher><C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized> [File is missing]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<Google Update><"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c> [(Verified)Google Inc]
<Bionix Wallpaper><"C:\Program Files (x86)\Bionix Wallpaper.exe"> [File is missing]
<Sun Microsystems><C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe> []
<Remote System Protection><rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc> []
<uishf9wuifwuh387fh3wufinhjfdwefe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe> [File is missing]
<asg984jgkfmgasi8ug98jgkfgfb><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win32.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Adobe Reader Speed Launcher><"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)Adobe Systems, Incorporated]
<CTSysVol><"C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r> [Creative Technology Ltd]
<P17Helper><Rundll32 P17.dll,P17Helper> [N/A]
<UpdReg><C:\WINDOWS\UpdReg.EXE> [Creative Technology Ltd.]
<RemoteControl><"C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<NWEReboot><> [N/A]
<NeroFilterCheck><"C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"> [Nero AG]
<SunJavaUpdateSched><"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"> [(Verified)Sun Microsystems, Inc.]
<amd_dc_opt><C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe> [AMD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\syswow64\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\syswow64\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows]
<SysTray><C:\WINDOWS\SysWOW64\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<kibutobib><c:\windows\SysWow64\folopaga.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\EFS]
<WinlogonNotify: EFS><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\SysWOW64\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\SysWOW64\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{A3BA40A2-74F0-42BD-F434-00B15A2C8953}><C:\WINDOWS\SysWow64\t6al8.dll> []
<{298435ac-e9a1-4e09-9f78-f0609dca15e8}><c:\windows\SysWow64\folopaga.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<N/A><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\SysWOW64\Rundll32.exe c:\WINDOWS\SysWOW64\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\UltraMon.scr> [Realtime Soft Ltd]

==================================
Startup Folders
[UltraMon]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk --> C:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico [N/A]><N>

==================================
Services
[Alerter / Alerter][Stopped/Disabled]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\system32\alrsvc.dll><N/A>
[Background Intelligent Transfer Service / BITS][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qmgr.dll><N/A>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
<C:\WINDOWS\system32\CTsvcCDA.EXE><Creative Technology Ltd>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files (x86)\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Server / lanmanserver][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><N/A>
[Workstation / lanmanworkstation][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><N/A>
[Messenger / Messenger][Stopped/Disabled]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\msgsvc.dll><N/A>
[nProtect GameGuard Service / npggsvc][Stopped/Manual Start]
<C:\WINDOWS\system32\GameMon.des -service><(File is missing)>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc64.exe><NVIDIA Corporation>
[Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]
<"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>

==================================
Drivers
[AMD K8 Processor Driver / AmdK8][Running/Manual Start]
<system32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD64][Running/Manual Start]
<system32\DRIVERS\AmdLLD64.sys><AMD, Inc.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<system32\DRIVERS\CdaC15BA.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[CdaD10BA / CdaD10BA][Running/Auto Start]
<system32\DRIVERS\CdaD10BA.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[cpuz132 / cpuz132][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz132\cpuz132_x64.sys><N/A>
[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]
<system32\DRIVERS\ctsfm2k.sys><Creative Technology Ltd>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
<\??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys><N/A>
[fmfdisk / fmfdisk][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\fmfdisk.sys><N/A>
[GEAR ASPI Filter Driver / GEARAspiWDM][Stopped/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><N/A>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npptNT2.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Creative OS Services Driver / ossrv][Running/Manual Start]
<system32\DRIVERS\ctoss2k.sys><Creative Technology Ltd.>
[Sound Blaster Audigy / P1764][Running/Manual Start]
<system32\drivers\P1764.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Security Driver / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

==================================
Browser Add-ons
[C:\WINDOWS\SysWow64\t6al8.dll]
{A3BA40A2-74F0-42BD-F434-00B15A2C8953} <C:\WINDOWS\SysWow64\t6al8.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\SysWow64\wuweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_18]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_18]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} <C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_18]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files (x86)\Java\jre6\bin\npjpi160_18.dll, (Signed) Sun Microsystems, Inc.>
[]
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\SysWow64\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\syswow64\wmp.dll, Microsoft Corporation>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\SysWOW64\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\SysWOW64\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\SysWOW64\msxml6.dll, (Signed) Microsoft Corporation>
[C:\WINDOWS\SysWow64\t6al8.dll]
{A3BA40A2-74F0-42BD-F434-00B15A2C8953} <C:\WINDOWS\SysWow64\t6al8.dll, N/A>
[Adobe PDF Reader]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[Microsoft Url Search Hook]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SysWow64\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll, (Signed) Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\SysWOW64\msxml3.dll, (Signed) Microsoft Corporation>
[Google Update Plugin]
{F3FFF5F4-A643-447E-A5A5-0B5F760C7F4A} <C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll, (Signed) Google Inc.>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

==================================
Running Processes
[PID: 1440 / Administrator][C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe] [Creative Technology Ltd, 3.0.2.0]
[C:\Program Files (x86)\Creative\MediaSource\Detector\CTIntrfc.dll] [Creative Technology Ltd, 2.1.0.0]
[C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.Crl] [Creative Technology Ltd, 2.1.0.0]
[C:\Program Files (x86)\Creative\MediaSource\Detector\DtctrMgr.det] [Creative Technology Ltd, 3.0.2.0]
[C:\Program Files (x86)\Creative\MediaSource\Detector\Hdd.det] [Creative Technology Ltd, 1.0.6.0]
[C:\Program Files (x86)\Creative\Shared Files\ThmRes.DLL] [Creative Technology Ltd, 2.0.12.0]
[C:\Program Files (x86)\Creative\Shared Files\CTIniF.dll] [Creative Technology Ltd, 1.1.0.0]
[C:\Program Files (x86)\Creative\MediaSource\Detector\Disc.det] [Creative Technology Ltd, 2.4.2.0]
[PID: 1476 / Administrator][C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 1, 2, 0, 13]
[C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files (x86)\Common Files\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 3,15,1, 6800]
[C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 2, 0, 13]
[C:\Program Files (x86)\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 2, 0, 13]
[PID: 1576 / Administrator][C:\WINDOWS\SysWOW64\ctfmon.exe] [(Verified) Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1804 / SYSTEM][C:\WINDOWS\SysWOW64\CTsvcCDA.EXE] [Creative Technology Ltd, 1.0.1.0]
[PID: 1932 / SYSTEM][C:\Program Files (x86)\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.180.7]
[C:\Program Files (x86)\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 288 / Administrator][C:\WINDOWS\SysWOW64\rundll32.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\SysWow64\t6al8.dll] [N/A, ]
[PID: 124 / Administrator][C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe] [Creative Technology Ltd, 1.4.2.0]
[C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.crl] [Creative Technology Ltd, 1.4.1.0]
[C:\Program Files (x86)\Creative\Shared Files\CTTheme.dll] [Creative Technology Ltd, 3.1.3.0]
[C:\Program Files (x86)\Creative\Shared Files\CtrlSrc.dll] [Creative Technology Ltd, 2.0.12.0]
[C:\Program Files (x86)\Creative\Shared Files\CTIniF.dll] [Creative Technology Ltd, 1.1.0.0]
[C:\Program Files (x86)\Creative\Shared Files\GDICtrl.skc] [Creative Technology Ltd, 3.1.18.0]
[C:\Program Files (x86)\Creative\Shared Files\GDICtrl2.skc] [Creative Technology Ltd, 3.0.14.0]
[C:\Program Files (x86)\Creative\Shared Files\GDICtrl3.skc] [Creative Technology Ltd, 3.1.4.0]
[C:\Program Files (x86)\Creative\Shared Files\RtxCtrl.skc] [Creative Technology Ltd, 3.1.3.0]
[C:\Program Files (x86)\Creative\Shared Files\mxlib.dll] [Creative Technology Ltd., 1.00.0.13]
[PID: 704 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\P17.dll] [, 1.0.1.41]
[PID: 788 / Administrator][C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0000]
[C:\Program Files (x86)\CyberLink\Shared Files\CLRCEngine2.dll] [CyberLink Corp., 3.20.0000]
[PID: 2192 / SYSTEM][C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe] [Viewpoint Corporation, 2, 0, 0, 54]
[PID: 2204 / Administrator][C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] [Sun Microsystems, Inc., 2.0.1.2]
[PID: 2260 / NETWORK SERVICE][C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\syswow64\wmp.dll] [Microsoft Corporation, 11.0.5721.5268 (WMP_11.090713-1703)]
[PID: 2812 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[PID: 2108 / Administrator][C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe] [Realtime Soft Ltd, 1.1.1.0]
[C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInteropPS.dll] [Realtime Soft Ltd, 1.1.1.0]
[C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0]
[PID: 2916 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win32.exe] [N/A, ]
[PID: 2940 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cmd.exe] [N/A, ]
[PID: 2964 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\debug.exe] [N/A, ]
[PID: 1132 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msinits.exe] [N/A, ]
[PID: 1820 / Administrator][C:\Program Files (x86)\Songbird\songbird.exe] [POTI, Inc., 1.9.0.14]
[C:\Program Files (x86)\Songbird\xulrunner\nspr4.dll] [Mozilla Foundation, 4.7.5]
[C:\Program Files (x86)\Songbird\xulrunner\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[C:\Program Files (x86)\Songbird\xulrunner\plc4.dll] [Mozilla Foundation, 4.7.5]
[C:\Program Files (x86)\Songbird\xulrunner\plds4.dll] [Mozilla Foundation, 4.7.5]
[C:\Program Files (x86)\Songbird\xulrunner\sqlite3.dll] [sqlite.org, 3.6.10]
[C:\Program Files (x86)\Songbird\xulrunner\nssutil3.dll] [Mozilla Foundation, 3.12.3.1]
[C:\Program Files (x86)\Songbird\xulrunner\softokn3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\Program Files (x86)\Songbird\xulrunner\nss3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\Program Files (x86)\Songbird\xulrunner\ssl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\Program Files (x86)\Songbird\xulrunner\smime3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\Program Files (x86)\Songbird\xulrunner\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files (x86)\Songbird\xulrunner\xul.dll] [Mozilla Foundation, 1.9.0.14]
[C:\Program Files (x86)\Songbird\xulrunner\xpcom.dll] [Mozilla Foundation, 1.9.0.14]
[C:\Program Files (x86)\Songbird\components\sbThreadPoolService.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbLocalDatabaseLibrary.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbDeviceFirmwareUpdater.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbDeviceManager2.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbLibraryManager.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbMediaExport.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbMediaManager.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbMediacoreManager.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbDeviceManager.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbPlaybackHistoryService.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbSQLBuilder.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbPlaylistCommands.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbWatchFolderService.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbWin32FileSystemEvents.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbAlbumArt.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbProxiedServices.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbStrings.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbIntl.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbWindowWatcher.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbMetadataModule.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbGStreamerStub.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\charset.dll] [Free Software Foundation, 1.2]
[C:\Program Files (x86)\Songbird\lib\iconv.dll] [Free Software Foundation, 1.9]
[C:\Program Files (x86)\Songbird\lib\intl.dll] [Free Software Foundation, 0.14.5]
[C:\Program Files (x86)\Songbird\lib\libglib-2.0-0.dll] [The GLib developer community, 2.16.6.0]
[C:\Program Files (x86)\Songbird\lib\libgmodule-2.0-0.dll] [The GLib developer community, 2.16.6.0]
[C:\Program Files (x86)\Songbird\lib\libgobject-2.0-0.dll] [The GLib developer community, 2.16.6.0]
[C:\Program Files (x86)\Songbird\lib\libgthread-2.0-0.dll] [The GLib developer community, 2.16.6.0]
[C:\Program Files (x86)\Songbird\lib\ogg-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\theoradec-1.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\theoraenc-1.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\vorbis-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\vorbisenc-2.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\vorbisfile-3.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\FLAC-8.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstreamer-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstbase-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstdataprotocol-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstcontroller-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstinterfaces-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstaudio-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gsttag-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstcdda-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstfft-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstnetbuffer-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstpbutils-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstriff-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstrtp-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstrtsp-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstsdp-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\gstvideo-0.10-0.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\lib\sbGStreamerMediacore.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstacmmp3dec.dll] [N/A, ]
[C:\WINDOWS\SysWOW64\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\Program Files (x86)\Songbird\gst-plugins\gstadder.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstadpcmdec.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstaiffparse.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstalaw.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstapetag.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstasf.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstasfmux.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstaudioconvert.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstaudiofx.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstaudiorate.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstaudioresample.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstaudiotestsrc.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstauparse.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstautodetect.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstcoreelements.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstcoreindexers.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstcutter.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstdecodebin.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstdecodebin2.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstdirectsoundsink.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstdmoenc.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstdshowdecwrapper.dll] [N/A, ]
[C:\WINDOWS\system32\l3codecx.ax] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
[C:\WINDOWS\SysWOW64\quartz.dll] [, ]
[C:\WINDOWS\SysWOW64\devenum.dll] [, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstequalizer.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstflac.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gsticydemux.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstid3demux.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstid3tag.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstlevel.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstmozillasrc.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstmpegaudioparse.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstmulaw.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstmultipart.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstogg.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstplaybin.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstqtdemux.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstqueue2.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstreplaygain.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstrtp.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstrtpmanager.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstrtsp.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstsdpelem.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstselector.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstspectrum.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gsttypefindfunctions.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstudp.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstvolume.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstvorbis.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstwavenc.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\gst-plugins\gstwavparse.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Application Data\Songbird2\Profiles\moqok1wy.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbdataremote.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbDBEngine.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbProperties.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbDownloadDevice.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbxpcom.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbiTunesMediaImport.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\xulrunner\nssdbm3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\Program Files (x86)\Songbird\xulrunner\freebl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[C:\Program Files (x86)\Songbird\xulrunner\nssckbi.dll] [Mozilla Foundation, 1.75]
[C:\Program Files (x86)\Songbird\components\sbMozVariant.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbCDDevice.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Application Data\Songbird2\Profiles\moqok1wy.default\extensions\mtp@songbirdnest.com\components\sbMTPWin32.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbMediaSniffer.dll] [N/A, ]
[C:\Program Files (x86)\Songbird\components\sbIntegration.dll] [N/A, ]
[C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0]
[C:\WINDOWS\syswow64\WMASF.DLL] [Microsoft Corporation, 11.0.5721.5238 (WMP_11.071025-0642)]
[C:\WINDOWS\syswow64\wmp.dll] [Microsoft Corporation, 11.0.5721.5268 (WMP_11.090713-1703)]
[C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll] [, ]
[PID: 740 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ]
[C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\gears.dll] [Google Inc., 0.5.33.0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\rlz.dll] [N/A, ]
[PID: 452 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avformat-52.dll] [N/A, ]
[PID: 976 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avcodec-52.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avutil-50.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\avformat-52.dll] [N/A, ]
[PID: 1676 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] [Google Inc., 0.0.0.0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\chrome.dll] [Google Inc., 4.0.249.89]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\icudt42.dll] [IBM Corporation and others, 4, 2, 1, 0]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\4.0.249.89\locales\en-US.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll] [, ]
[PID: 2224 / Administrator][C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[PID: 688 / Administrator][C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[C:\WINDOWS\SysWow64\t6al8.dll] [N/A, ]
[PID: 1532 / Administrator][C:\Documents and Settings\Administrator\Desktop\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1968 / Administrator][C:\Documents and Settings\Administrator\Desktop\SRE3624a76f.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\Program Files\UltraMon\RTSUltraMonHookX32.dll] [Realtime Soft Ltd, 3.0.3.0]
[C:\Documents and Settings\Administrator\Desktop\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP Error. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
N/A

==================================
Scheduled Tasks
[Enabled] xnbxxtra.job
C:\WINDOWS\system32\rundll32.exe
[Enabled] GoogleUpdateTaskUserS-1-5-21-3928387891-2072984557-481463973-500UA.job
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[Enabled] GoogleUpdateTaskUserS-1-5-21-3928387891-2072984557-481463973-500Core.job
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[Enabled] chyecimr.job
C:\WINDOWS\system32\rundll32.exe

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


please re-open Hijackthis and place a check mark next to these entries listed below:

O2 - BHO: C:\WINDOWS\SysWow64\t6al8.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll

O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc

O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{D760F04B-38E4-48F3-A7CF-32A86C0D197D}: NameServer = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62

O20 - AppInit_DLLs: pedanawe.dll

O21 - SSODL: kibutobib - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)

O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll

O22 - SharedTaskScheduler: gahurihor - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)

Now click on Fix checked and then close Hijackthis.

======================================

*Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.

Then I will need you to show hidden files/folders.

To do this:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

After that using Windows Explorer (to get there right-click your Start button and go to "Explore")

Delete the items listed below:

C:\WINDOWS\SysWow64\t6al8.dll <--file

C:\Documents and Settings\Administrator\Local Settings\Temp <--folder

Now close Windows Explorer.

Now reset your hidden files/folders to hidden.

To do this:

To reset:

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading, select Do not show hidden files and folders.
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please reboot back into normal windows and do the following.

==========================

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

=====

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

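The helper's fix list above is the result of eyeballing the HijackThis O-lines for the usual Vundo tells: a random-named DLL dropped in SysWow64 and hooked in as a BHO (O2) and SharedTaskScheduler (O22), a Run value that launches that DLL through rundll32 (O4), an autostart out of the Temp folder (O4), a NameServer entry pointing at a resolver the ISP never configured (O17), a non-empty AppInit_DLLs (O20) and an SSODL entry whose file is already gone (O21). The script below is an added example, not part of HijackThis or of any post in this thread: it parses O-lines and applies those same heuristics so the review can be repeated on any pasted log. Its sample input is the set of lines quoted by the helper plus one benign O4 line from the user's follow-up log; the EXPECTED_RESOLVERS allow-list and the "random-looking name" test are assumptions of this example (rough triage aids, not verdicts), not anything stated on the page.

```python
"""Triage HijackThis O-lines for the persistence patterns seen in this thread.

Added example for this thread; not HijackThis code and not from any poster.
Assumed (not from the page): the DNS allow-list and the random-name heuristic.
"""
import re

# Constructed sample: the O-lines the helper asked to fix, plus one benign
# O4 line (CTSysVol) from the user's later log as a negative case.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\SysWow64\t6al8.dll - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
O4 - HKCU\..\Run: [Remote System Protection] rundll32.exe C:\WINDOWS\SysWow64\t6al8.dll, HUI_proc
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\du2t21o4u4.exe
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O17 - HKLM\System\CCS\Services\Tcpip\..\{D760F04B-38E4-48F3-A7CF-32A86C0D197D}: NameServer = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62
O20 - AppInit_DLLs: pedanawe.dll
O21 - SSODL: kibutobib - {298435ac-e9a1-4e09-9f78-f0609dca15e8} - c:\windows\SysWow64\folopaga.dll (file missing)
O22 - SharedTaskScheduler: 7whfiudhf8s7f3oifhif7syfdhsof - {A3BA40A2-74F0-42BD-F434-00B15A2C8953} - C:\WINDOWS\SysWow64\t6al8.dll
"""

# Assumed allow-list: the resolvers the operator expects this machine to use.
EXPECTED_RESOLVERS = {"4.2.2.1", "209.18.47.61", "209.18.47.62"}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SYSTEM_DIR = re.compile(r"\\(?:syswow64|system32)\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(?:locals~1|local settings)\\temp\\", re.IGNORECASE)
INTERLEAVED_DIGITS = re.compile(r"[A-Za-z]\d+[A-Za-z]")


def looks_random(name):
    """Rough heuristic for generated names: digits wedged between letters
    (t6al8, du2t21o4u4) or a long stem with almost no vowels. rundll32.exe
    is not flagged because its digits are a trailing suffix."""
    stem = name.rsplit(".", 1)[0]
    if INTERLEAVED_DIGITS.search(stem):
        return True
    vowels = sum(c in "aeiouyAEIOUY" for c in stem)
    return len(stem) >= 10 and vowels / len(stem) < 0.2


def extract_paths(text):
    """Drive-letter paths, quoted ones first so spaces survive."""
    quoted = re.findall(r'"([A-Za-z]:\\[^"]+)"', text)
    rest = re.sub(r'"[^"]*"', "", text)
    return quoted + re.findall(r'[A-Za-z]:\\[^\s",\[\]]+', rest)


def triage(log_text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return (kind, line, reasons) for every O-line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue
        kind, body = m.groups()
        reasons = []
        paths = extract_paths(body)
        names = [p.rsplit("\\", 1)[-1] for p in paths]

        if kind in ("O2", "O21", "O22"):
            # Shell/IE load points: orphaned entries, or a random-named DLL
            # sitting in a system directory.
            if "(file missing)" in body:
                reasons.append("orphaned load point, file missing")
            for p, n in zip(paths, names):
                if SYSTEM_DIR.search(p) and looks_random(n):
                    reasons.append(f"random-looking DLL in system dir: {n}")
                    break
        elif kind == "O4":
            value = re.search(r"\[([^\]]*)\]", body)
            if value and looks_random(value.group(1)):
                reasons.append(f"random-looking Run value name: {value.group(1)}")
            for p, n in zip(paths, names):
                if TEMP_DIR.search(p):
                    reasons.append(f"autostart from Temp: {n}")
                if "rundll32" in body.lower() and n.lower().endswith(".dll") and looks_random(n):
                    reasons.append(f"rundll32 loading random-looking DLL: {n}")
        elif kind == "O17":
            bad = [ip for ip in IPV4.findall(body) if ip not in expected_resolvers]
            if bad:
                reasons.append("unexpected DNS resolver(s): " + ", ".join(bad))
        elif kind == "O20" and "AppInit_DLLs:" in body:
            # AppInit_DLLs is loaded into every process that maps user32.dll.
            if body.split("AppInit_DLLs:", 1)[1].strip():
                reasons.append("non-empty AppInit_DLLs")

        if reasons:
            findings.append((kind, line, reasons))
    return findings


if __name__ == "__main__":
    for kind, line, reasons in triage(SAMPLE_LOG):
        print(f"{kind}: {line}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, every line the helper listed is reported and the CTSysVol line is not. The O17 rule only says the first resolver is not on the expected list; whether a given address is hostile still has to be checked by hand, which is why the allow-list is a parameter.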

Malwarebytes' Anti-Malware 1.44

Database version: 3806

Windows 5.2.3790 Service Pack 2

Internet Explorer 8.0.6001.18702

2/28/2010 9:45:37 AM

mbam-log-2010-02-28 (09-45-37).txt

Scan type: Quick Scan

Objects scanned: 117072

Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 5

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 19

Memory Processes Infected:

C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe (Trojan.Clicker) -> Unloaded process successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\msinits.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\PotDll.PotGo (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a3ba40a2-74f0-42bd-f434-00b15a2c8953} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\remote system protection (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Administrator\Local Settings\Temp\notepad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\msinits.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc10.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc11.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc22.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc24.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc7.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc8.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-3928387891-2072984557-481463973-500\Dc9.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\cmd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\debug.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\smss.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\system.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\vwwixjz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\win32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\mswintmp.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

ESET scanner log...

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=7f4962279c46c64c87b8259c2c1c2216

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-02-28 04:20:02

# local_time=2010-02-28 10:20:02 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=5.2.3790 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 490044 490044 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=58007

# found=1

# cleaned=1

# scan_time=1677

C:\WINDOWS\system32\BjJEMdNb8b.txt probably a variant of Win32/Injector.APK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:08:43 PM, on 2/28/2010

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\SysWOW64\CTsvcCDA.EXE

C:\Program Files (x86)\Java\jre6\bin\jqs.exe

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\BitTorrent\bittorrent.exe

C:\Program Files (x86)\Songbird\songbird.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bionix Wallpaper] "C:\Program Files (x86)\Bionix Wallpaper.exe"

O4 - HKCU\..\Run: [sun Microsystems] C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: UltraMon.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1249755127828

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--

End of file - 7349 bytes

Everything seems to be running smoothly: no more site redirecting or IE invisibly running.

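Two things in the log above are worth a mechanical second look before calling the box clean, and the following added example (mine, not part of the thread and not HijackThis code) shows how to do it. First, the "Program Files (x86)" and SysWOW64 paths mean this is 64-bit Windows, while HijackThis 2.0.2 is a 32-bit program: its view of C:\WINDOWS\system32 is redirected to SysWOW64, so the Windows-shipped service binaries it reports as "(file missing)" (lsass.exe, services.exe, vssvc.exe and so on) are a tooling artifact, not evidence that anything was removed. Second, Run keys deserve a check of where each executable actually lives: a binary named like a well-known updater or system component but sitting in a user-profile directory (the log has a jusched.exe under Application Data\Microsoft, whereas the real Java Update Scheduler is under Program Files) is exactly what a triage script should surface for manual verification (hash, signature, timestamps), without the script itself declaring it malicious. The sample lines are copied from the log; the "expected home" table, the severity labels and the `host_is_x64` flag are my own heuristics.

```python
"""Triage helper for HijackThis O4 (autostart) and O23 (service) lines.

Every flag is a heuristic meaning "look at this", never a malware verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input in HijackThis 2.0.2 format. The paths are copied from the
# log posted above; this text was not produced by running HijackThis here.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sun Microsystems] C:\Documents and Settings\Administrator\Application Data\Microsoft\jusched.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|bat|cmd))\b', re.IGNORECASE)

# Directories that an ordinary user can write to; autostarts from here need a look.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\application data\\", "\\appdata\\")
# Binary names that are popular disguises, and substrings of the directories they belong in
# (my own table, extend as needed).
EXPECTED_HOME = {
    "jusched.exe": ("\\java\\",),
    "ctfmon.exe": ("\\windows\\system32\\", "\\windows\\syswow64\\"),
    "rundll32.exe": ("\\windows\\system32\\", "\\windows\\syswow64\\"),
    "svchost.exe": ("\\windows\\system32\\", "\\windows\\syswow64\\"),
}
# Windows-shipped service binaries under system32. A 32-bit HijackThis on 64-bit Windows is
# redirected to SysWOW64 and therefore reports these as "(file missing)".
WINDOWS_SERVICE_BINARIES = {"lsass.exe", "services.exe", "svchost.exe", "msdtc.exe", "imapi.exe",
                            "dmadmin.exe", "sessmgr.exe", "vds.exe", "vssvc.exe", "wmiapsrv.exe"}


@dataclass
class Finding:
    line: str
    severity: str  # "high" | "review" | "info"
    reason: str


def extract_exe(cmd: str) -> str:
    """Pull the executable (or, for rundll32 lines, the DLL it loads) out of a Run value."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32"):
        parts = cmd.split(None, 1)  # rundll32 <dll>,<entry> [args]: the DLL is what runs
        cmd = parts[1].split(",", 1)[0] if len(parts) > 1 else ""
    m = EXE_RE.match(cmd)
    if m:
        return m["path"]
    return cmd.split()[0] if cmd else ""


def triage(log: str, host_is_x64: bool) -> list[Finding]:
    findings: list[Finding] = []
    for line in log.strip().splitlines():
        if m := O4_RE.match(line):
            exe = extract_exe(m["cmd"])
            low = exe.lower()
            base = low.rsplit("\\", 1)[-1]
            if not re.match(r"^(?:[a-z]:\\|%)", low):
                findings.append(Finding(line, "review", f"{exe}: no absolute path, resolved via the search path"))
            elif base in EXPECTED_HOME and not any(h in low for h in EXPECTED_HOME[base]):
                findings.append(Finding(line, "high", f"{base} outside its normal directory: {exe}"))
            elif any(mk in low for mk in USER_PROFILE_MARKERS):
                findings.append(Finding(line, "review", f"autostart from user-writable profile location: {exe}"))
        elif m := O23_RE.match(line):
            if not m["missing"]:
                continue
            low = m["path"].lower()
            base = low.rsplit("\\", 1)[-1]
            if host_is_x64 and "\\windows\\system32\\" in low and base in WINDOWS_SERVICE_BINARIES:
                findings.append(Finding(line, "info", f"{base}: WOW64 redirection artifact, not a missing file"))
            else:
                findings.append(Finding(line, "review", f"{base}: service binary absent, orphaned entry to verify"))
    return findings


def counts(findings: list[Finding]) -> dict:
    out = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        out[f.severity] += 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, host_is_x64=True):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample, the jusched.exe under Application Data is the only "high" hit, the GoogleUpdate entry and the bare `P17.dll` get a "review" (per-user updaters and search-path-resolved names are common in legitimate software, which is why they are not "high"), and the lsass.exe service line is downgraded to "info" only when `host_is_x64` is set.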

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete/uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent etc.

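The "remove all older versions of Java" step above is done by hand through Add/Remove Programs, which is easy to get wrong on 64-bit Windows because 32-bit and 64-bit installs are listed from two different registry views. As an added example (mine, not from the thread or from Sun/Oracle), the script below reads the DisplayName values under the Uninstall key in both the 64-bit and the WOW6432Node view, parses the JRE display names Sun used at the time ("Java(TM) 6 Update 18", "J2SE Runtime Environment 5.0 Update 22"), and lists the entries older than the target release. The default `latest=(6, 18)` is the 6u18 the reply points to; the sample display names are constructed, and the registry reader only runs on Windows.

```python
"""List installed Java runtimes and decide which ones the cleanup step should remove."""
import re
import sys
from typing import Iterable, List, Optional, Tuple

# Matches the Add/Remove Programs display names Sun used for the JRE, e.g.
# "Java(TM) 6 Update 18", "Java(TM) SE Runtime Environment 6 Update 1",
# "J2SE Runtime Environment 5.0 Update 22". JDK, JavaFX and "Java Auto Updater"
# entries deliberately do not match.
JRE_NAME_RE = re.compile(
    r"^(?:Java(?:\(TM\))?(?: SE)?(?: Runtime Environment)?|J2SE Runtime Environment)"
    r"\s+(?P<major>\d+)(?:\.0)?(?:\s+Update\s+(?P<update>\d+))?",
    re.IGNORECASE,
)

# Constructed sample, as Add/Remove Programs might list them on a machine with
# several leftover runtimes (not taken from the poster's system).
SAMPLE_DISPLAY_NAMES = [
    "Java(TM) 6 Update 18",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java Auto Updater",
    "Adobe Reader 9.3",
]


def parse_jre_version(display_name: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a JRE display name, or None if it is not a JRE."""
    m = JRE_NAME_RE.match(display_name.strip())
    if not m:
        return None
    return int(m["major"]), int(m["update"] or 0)


def stale_installs(display_names: Iterable[str], latest: Tuple[int, int] = (6, 18)) -> List[str]:
    """Return the JRE entries older than `latest`; these are the ones to uninstall.
    Tuple comparison orders by major release first, then by update number."""
    stale = []
    for name in display_names:
        version = parse_jre_version(name)
        if version is not None and version < latest:
            stale.append(name)
    return stale


UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


def installed_display_names() -> List[str]:
    """Read DisplayName from both the 64-bit and the 32-bit (WOW6432Node) Uninstall
    views, so a 32-bit JRE on 64-bit Windows is not missed. Windows only."""
    if sys.platform != "win32":
        raise RuntimeError("registry enumeration needs Windows")
    import winreg

    names: List[str] = []
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UNINSTALL_KEY, 0, winreg.KEY_READ | view)
        except OSError:
            continue  # view not present (32-bit Windows has no 64-bit view)
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(root, sub) as key:
                        names.append(winreg.QueryValueEx(key, "DisplayName")[0])
                except OSError:
                    pass  # entry without a DisplayName
    return names


if __name__ == "__main__":
    names = installed_display_names() if sys.platform == "win32" else SAMPLE_DISPLAY_NAMES
    for name in stale_installs(names):
        print("remove:", name)
```

Run it before and after the Add/Remove Programs pass: an empty "remove:" list afterwards confirms that nothing older than the target build is still registered in either view.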
