#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2005
    Posts
    20
    Rep Power
    0

    Virus issues - Logs listed inside - I can't seem to shake the problems


    I can't seem to clean up my computer. Can anyone help or suggest what I can do? See the logs below.

    Thanks

    Rob


    Malwarebytes' Anti-Malware 1.44
    Database version: 3729
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/02/2010 12:08:36
    mbam-log-2010-02-12 (12-08-36).txt

    Scan type: Quick Scan
    Objects scanned: 140903
    Time elapsed: 8 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/12/2010 at 01:22 PM

    Application Version : 4.26.1006

    Core Rules Database Version : 4580
    Trace Rules Database Version: 2392

    Scan type : Complete Scan
    Total Scan Time : 01:06:53

    Memory items scanned : 569
    Memory threats detected : 0
    Registry items scanned : 8076
    Registry threats detected : 0
    File items scanned : 25642
    File threats detected : 1

    Trojan.Agent/Gen-FraudLoad
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{3C61953A-7050-45D1-AFCD-167149F2EC13}\RP877\A0145881.EXE

    BitDefender QuickScan Beta 32-bit v0.9.9.0
    ------------------------------------------

    Scan date: Fri Feb 12 13:32:34 2010
    Machine ID: C4EB1A9C



    No infection found.
    ---------------------


    Processes
    ---------
    <unsigned> hp photosmart 764 C:\WINDOWS\system32\hphmon04.exe
    <unsigned> LightScribe 464 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    <unsigned> MediaServer.exe 2056 C:\Program Files\TVersity\Media Server\MediaServer.exe
    <unsigned> Microsoft® Windows® Operating System 3136 C:\WINDOWS\ehome\mcrdsvc.exe
    <unsigned> Microsoft® Windows® Operating System 1352 C:\WINDOWS\ehome\RMSvc.exe
    <unsigned> Microsoft® Windows® Operating System 1844 C:\WINDOWS\ehome\RMSysTry.exe
    <unsigned> PC Connectivity Solution 3436 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    <unsigned> PC Connectivity Solution 3840 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    <unsigned> PC Connectivity Solution 2888 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    <unsigned> PC Connectivity Solution 2684 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    <unsigned> PC Suite 1760 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    <unsigned> winampa.exe 128 C:\Program Files\Winamp\winampa.exe

    <verified> IoctlSvc Application 1192 C:\WINDOWS\system32\IoctlSvc.exe
    <verified> Adobe Acrobat 972 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    <verified> Apple Mobile Device Service 944 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    <verified> Bonjour 1180 C:\Program Files\Bonjour\mDNSResponder.exe
    <verified> BullGuard 1712 C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
    <verified> BullGuard 580 C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    <verified> Creative Service for CDROM Access 952 C:\WINDOWS\system32\CTsvcCDA.exe
    <verified> Firefox 3092 C:\Program Files\Mozilla Firefox\firefox.exe
    <verified> Google Update 1620 C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    <verified> iTunes 2796 C:\Program Files\iPod\bin\iPodService.exe
    <verified> iTunes 1468 C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Java(TM) Platform SE 6 U11 264 C:\Program Files\Java\jre6\bin\jqs.exe
    <verified> Microsoft® Windows® Operating System 3324 C:\Program Files\Windows Media Player\WMPNetwk.exe
    <verified> Microsoft® Windows® Operating System 1788 C:\Program Files\Windows Media Player\WMPNSCFG.exe
    <verified> Microsoft® Windows® Operating System 1504 C:\WINDOWS\eHome\ehRecvr.exe
    <verified> Microsoft® Windows® Operating System 1864 C:\WINDOWS\eHome\ehSched.exe
    <verified> Microsoft® Windows® Operating System 520 C:\WINDOWS\Explorer.EXE
    <verified> Microsoft® Windows® Operating System 1020 C:\WINDOWS\system32\csrss.exe
    <verified> Microsoft® Windows® Operating System 1696 C:\WINDOWS\system32\ctfmon.exe
    <verified> Microsoft® Windows® Operating System 3848 C:\WINDOWS\system32\dllhost.exe
    <verified> Microsoft® Windows® Operating System 1112 C:\WINDOWS\system32\lsass.exe
    <verified> Microsoft® Windows® Operating System 2872 C:\WINDOWS\system32\notepad.exe
    <verified> Microsoft® Windows® Operating System 3364 C:\WINDOWS\system32\NOTEPAD.EXE
    <verified> Microsoft® Windows® Operating System 788 C:\WINDOWS\system32\rundll32.exe
    <verified> Microsoft® Windows® Operating System 1460 C:\WINDOWS\system32\rundll32.exe
    <verified> Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\RUNDLL32.EXE
    <verified> Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\services.exe
    <verified> Microsoft® Windows® Operating System 912 C:\WINDOWS\System32\smss.exe
    <verified> Microsoft® Windows® Operating System 144 C:\WINDOWS\system32\spoolsv.exe
    <verified> Microsoft® Windows® Operating System 1324 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 208 C:\WINDOWS\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 888 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1512 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 2984 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1036 C:\WINDOWS\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1536 C:\WINDOWS\System32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1576 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1584 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\svchost.exe
    <verified> Microsoft® Windows® Operating System 1056 C:\WINDOWS\system32\winlogon.exe
    <verified> Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\wuauclt.exe
    <verified> Nero BackItUp 1984 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    <verified> NVIDIA Driver Helper Service, Version 182.50 1944 C:\WINDOWS\system32\nvsvc32.exe
    <verified> Realtek HD Audio Sound Effect Manager 740 C:\WINDOWS\RTHDCPL.EXE
    <verified> SUPERAntiSpyware 1764 C:\Program Files\SUPERAntiSpyware\8cf243ff-bbd5-4746-a45c-544431576665.exe
    <verified> UAService7.exe 3068 C:\WINDOWS\system32\UAService7.exe


    Network activity
    ----------------
    Process firefox.exe (3092) connected on port 80 (HTTP) - ew-in-f118.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ww-in-f101.1e100.net
    Process firefox.exe (3092) connected on port 443 (HTTP over SSL) - gv-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - gv-in-f104.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ew-in-f100.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - a92-123-88-100.deploy.akamaitechnologies.com
    Process firefox.exe (3092) connected on port 80 (HTTP) - a92-123-92-20.deploy.akamaitechnologies.com
    Process firefox.exe (3092) connected on port 80 (HTTP) - 84.53.132.42
    Process firefox.exe (3092) connected on port 80 (HTTP) - gv-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ew-in-f101.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ww-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - gv-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - gv-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ww-in-f101.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - gv-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ww-in-f138.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - 84.53.132.42
    Process firefox.exe (3092) connected on port 80 (HTTP) - ds160.xs4all.nl
    Process firefox.exe (3092) connected on port 80 (HTTP) - 65.55.149.123
    Process firefox.exe (3092) connected on port 80 (HTTP) - ww-in-f138.1e100.net
    Process firefox.exe (3092) connected on port 443 (HTTP over SSL) - ww-in-f101.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - a92-123-85-115.deploy.akamaitechnologies.com
    Process firefox.exe (3092) connected on port 443 (HTTP over SSL) - gv-in-f99.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - ew-in-f100.1e100.net
    Process firefox.exe (3092) connected on port 80 (HTTP) - dc3.122.2o7.net

    Process svchost.exe (1324) listens on ports: 3389 (Terminal Server), 3390
    Process svchost.exe (1412) listens on ports: 135 (RPC)
    Process MediaServer.exe (2056) listens on ports: 41952
    Process svchost.exe (2984) listens on ports: 2869 (SSDP event notification, UPNP)
    Process WMPNetwk.exe (3324) listens on ports: 10243


    Autoruns and critical files
    ---------------------------
    <unsigned> hp photosmart C:\WINDOWS\system32\hphmon04.exe
    <unsigned> Microsoft® Windows® Operating System C:\WINDOWS\ehome\RMSysTry.exe
    <unsigned> PC Suite C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    <unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
    <unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    <unsigned> winampa.exe C:\Program Files\Winamp\winampa.exe

    <verified> Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    <verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    <verified> BullGuard C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
    <verified> DAEMON Tools Pro C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    <verified> Google Update C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    <verified> HP DeskJet C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    <verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
    <verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
    <verified> MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    <verified> Nero AG NeroCheck C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    <verified> Nero BackItUp C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    <verified> NVIDIA Compatible Windows 2000 Display driver, Ver C:\WINDOWS\system32\NvCpl.dll
    <verified> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
    <verified> nwiz.exe C:\WINDOWS\system32\nwiz.exe
    <verified> Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
    <verified> Realtek Voice Manager C:\WINDOWS\SkyTel.EXE
    <verified> SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\8cf243ff-bbd5-4746-a45c-544431576665.exe
    <verified> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    <verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
    <verified> Windows Live Toolbar C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    <verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


    Browser plugins
    ---------------
    <unsigned> bdscanonline C:\WINDOWS\Downloaded Program Files\oscan82.ocx
    <unsigned> Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    <unsigned> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    <unsigned> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    <unsigned> frozen.dll C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    <unsigned> googletoolbar-ff2.dll C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    <unsigned> googletoolbar-ff3.dll C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    <unsigned> googletoolbarloader.dll C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    <unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    <unsigned> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    <unsigned> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    <unsigned> VLC Multimedia Plug-in C:\Program Files\VideoLAN\VLC\npvlc.dll

    <verified> AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
    <verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    <verified> bdoscandel.exe C:\WINDOWS\bdoscandel.exe
    <verified> bdupd.dll C:\WINDOWS\Downloaded Program Files\bdupd.dll
    <verified> BitDefender QuickScan C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    <verified> BitDefender QuickScan C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    <verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    <verified> BullGuard C:\WINDOWS\system32\BGLsp.dll
    <verified> cortmime.dll C:\WINDOWS\Downloaded Program Files\cortmime.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_native.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\engine.dll
    <verified> Cortona Snapshot Printing Support C:\WINDOWS\Downloaded Program Files\CarbonCopy.dll
    <verified> Cortona VRML Client C:\Program Files\Common Files\ParallelGraphics\Cortona\npCortona.dll
    <verified> Cortona VRML Client C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\chameleon.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_control.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_dxs.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_imagers.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_js2.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_res.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_support.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\cortona_transport.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\dsound_renderer.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\DXSelector.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\movieimager.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\RevancheDX5.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\RevancheDX7.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\RevancheDX9.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\RevancheOGL.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\rob.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\RSoft32.dll
    <verified> Cortona VRML Client C:\WINDOWS\Downloaded Program Files\shelley3.dll
    <verified> Creative Software AutoUpdate Engine C:\WINDOWS\Downloaded Program Files\CTSUEng.ocx
    <verified> Creative Software AutoUpdate Engine C:\WINDOWS\Downloaded Program Files\CTSUEngn.ocx
    <verified> CTPID ActiveX Control Module C:\WINDOWS\Downloaded Program Files\CTPID.ocx
    <verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    <verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    <verified> Google Toolbar for IE c:\program files\google\googletoolbar1.dll
    <verified> GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    <verified> i-drop control C:\WINDOWS\Downloaded Program Files\IDrop.ocx
    <verified> i-drop control C:\WINDOWS\Downloaded Program Files\IDropENU.dll
    <verified> ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    <verified> Java(TM) Platform SE 6 U11 c:\program files\java\jre6\bin\jp2ssv.dll
    <verified> Java(TM) Platform SE 6 U11 c:\program files\java\jre6\bin\ssv.dll
    <verified> Java(TM) Platform SE 6 U11 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    <verified> Java(TM) Platform SE 6 U11 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    <verified> Messenger C:\Program Files\Messenger\msmsgs.exe
    <verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    <verified> Microsoft® Windows Media Player Firefox Plugin C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    <verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
    <verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    <verified> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    <verified> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-gb.dll
    <verified> MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-us.dll
    <verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    <verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    <verified> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    <verified> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    <verified> RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    <verified> RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    <verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    <verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
    <verified> ToolBand Module c:\program files\daemon tools toolbar\dttoolbar.dll
    <verified> Winamp IE Toolbar c:\program files\winamp toolbar\winamptb.dll
    <verified> Winamp Toolbar for Firefox Plugin Dynamic Link Lib C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles/1tx95ci2.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    <verified> Windows Live Toolbar c:\program files\windows live toolbar\msntb.dll
    <verified> Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    <verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

    Restored .exe association - HKCR\.exe\shell\open\command

    Missing files
    -------------
    File not found: C:\Documents and Settings\Robert\Local Settings\Application Data\av.exe
    referenced in: HKCR\.exe\shell\open\command\(default)

    File not found: C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
    referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"HPHUPD04"

    File not found: D:\Workflow.exe
    referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Workflow"


    Scan
    ----

    No file uploaded.

    Scan finished - communication took 5 sec
    Total traffic - 0.03 MB sent, 1.05 KB recvd
    Scanned 1040 files and modules - 209 seconds
  2. #2
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:49, on 12/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\hphmon04.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
    C:\Program Files\SUPERAntiSpyware\8cf243ff-bbd5-4746-a45c-544431576665.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Evesham Technology
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\8cf243ff-bbd5-4746-a45c-544431576665.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?765a7ac4989d4642b484ab33b8f4ad25
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?765a7ac4989d4642b484ab33b8f4ad25
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
    O15 - Trusted Zone: http://a2248.e.akamai.net
    O15 - Trusted Zone: http://*.bitdefender.com
    O15 - Trusted Zone: http://ssl-hints.netflame.cc
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164876478015
    O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/Ladbrokes/FlashAX.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 15370 bytes

    Hijack uninstall list

    µTorrent
    Adobe Audition 3.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.5
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVI Codec Pack
    Bonjour
    Broadband Help
    BullGuard 8.0
    CCleaner
    Consolas Font Family
    Cortona® VRML Client
    Coupon Printer
    Creative MediaSource 5
    Creative Removable Disk Manager
    Creative System Information
    Creative ZEN V Series (R2)
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Toolbar
    Disc2Phone
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    DVD Shrink 3.2
    DVDFab Decrypter 3.0.5.5
    Enable S3 for USB Device
    Google Earth
    Google Photos Screensaver
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    GrabIt 1.7.2 Beta 4 (build 997)
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Max Payne
    Media Center Extender
    Media Center Extender
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox (3.5.7)
    MSVC80_x86
    MSVC80_x86_v2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 8
    neroxml
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia PC Suite
    Nokia Software Updater
    NVIDIA Drivers
    NVIDIA PhysX
    PC Connectivity Solution
    PeerGuardian 2.0
    Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    PowerDVD
    PowerQuest PartitionMagic 8.0
    QuickPar 0.9
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Room Arranger
    Safari
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Smart Menus (Windows Live Toolbar)
    Sonic Encoders
    SoulSeek Client 156c
    Spotify
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.2
    SUPERAntiSpyware Free Edition
    SuperNZB v3.2.1
    System Requirements Lab
    Tabbed Browsing (Windows Live Toolbar)
    TVersity Codec Pack 1.2
    TVersity Media Server 1.7.4.1 Beta
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.4053
    ViewSonic Monitor Drivers
    VLC media player 1.0.1
    Winamp
    Winamp Remote
    Winamp Toolbar
    Winamp Toolbar for Firefox
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB890760
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    XviD Media Codec 1.1.1
    ZENcast Organizer
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Location
    Earth
    Posts
    48
    Rep Power
    0
    Do not worry.

    As I can see from your log:

    There are no infected processes

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 0

    Only one registry key, but in the log you can also see:
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    These infected keys were deleted.

    All is OK.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2005
    Posts
    20
    Rep Power
    0
    Thanks, let's hope it doesn't come back.
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Location
    Earth
    Posts
    48
    Rep Power
    0
    Use antivirus/antispyware/internet security software and be OK.
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2010
    Posts
    4
    Rep Power
    0

    Virus Removal Resources


    Hey, I would go to this site. pc-infection dot com has many recommended resources explaining how to remove viruses from your computer. I highly recommend reviewing their resources.
