
Thread: Browser hijack !

  1. #11
    Junior Member, Join Date: Feb 2007, Posts: 24

    And here is the log for comboscan (3 parts)

    Part 1:

    ComboScan v20070221.16 run by s on 2007-02-27 at 10:56:51
    Computer is in Normal Mode.
    --------------------------------------------------------------------------

    Unable to create System Restore WMI object; error code: 0x8007042C
    Performed disk cleanup.


    -- HijackThis (run as s.exe) ----------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:00:53, on 27/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\Kerio\Personal Firewall\persfw.exe
    D:\WINDOWS\system32\slmdmsr.exe
    D:\Program Files\Spyware Terminator\sp_rsser.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\TrojanHunter 4.6\THGuard.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    d:\comboscan.exe
    D:\s.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.6\THGuard.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
    O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

  2. #12
    Junior Member, Join Date: Feb 2007, Posts: 24

    Comboscan part 2:

    Part 2:

    -- HijackThis Fixed Entries (D:\\backups\) --------------------------------------

    backup-20050426-055602-307 R3 - Default URLSearchHook is missing
    backup-20050426-055602-843 O2 - BHO: (no name) - {FBE3AE8E-846C-3C23-32A7-FA6D9D56AC87} - D:\WINDOWS\atlzw.dll
    backup-20050426-235007-993 O4 - HKCU\..\RunOnce: [Winsock2 driver] MMNGR32.EXE
    backup-20050430-053928-870 O23 - Service: Port Reporter (PortReporter) - Unknown owner - D:\Program Files\PortReporter\portreporter.exe
    backup-20050430-053928-937 O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    backup-20050430-135256-712 R3 - Default URLSearchHook is missing
    backup-20050430-135256-737 O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - D:\PROGRA~1\Virtual Maid\Virtual Maid.dll
    backup-20050430-135256-957 O3 - Toolbar: &???? - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    backup-20050430-142724-165 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
    backup-20050430-142724-176 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-200 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-232 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-258 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
    backup-20050430-142724-350 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
    backup-20050430-142724-463 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-474 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
    backup-20050430-142724-581 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-709 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-716 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
    backup-20050430-142724-749 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
    backup-20050430-142724-802 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
    backup-20050430-142724-848 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
    backup-20050430-142724-955 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
    backup-20050430-144748-943 O23 - Service: Port Reporter (PortReporter) - Unknown owner - D:\Program Files\PortReporter\portreporter.exe
    backup-20050502-114136-161 O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    backup-20050502-114136-167 O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE
    backup-20050502-114136-300 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///
    backup-20050502-114136-345 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    backup-20050502-114136-445 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    backup-20050502-114136-498 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    backup-20050502-114136-554 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\nntco.dll/sp.html#37049
    backup-20050502-114136-565 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    backup-20050502-114136-740 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    backup-20050502-114136-915 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1108834461855
    backup-20050502-114137-696 O23 - Service: Port Reporter (PortReporter) - Unknown owner - D:\Program Files\PortReporter\portreporter.exe (file missing)
    backup-20050504-015957-119 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.down.co.il
    backup-20050504-044237-266 O4 - HKLM\..\Run: [WinampAgent] c:\1\Winamp\winampa.exe
    backup-20050504-044237-636 O4 - HKLM\..\Run: [Startup Manager Scanner] D:\Program Files\Startup Mechanic\StartupMonitor.exe
    backup-20060204-193041-229 O23 - Service: Win32Sr - Unknown owner - D:\WINDOWS\win32ssr.exe
    backup-20060623-021853-436 O4 - HKLM\..\Run: [hgqhp.exe] D:\WINDOWS\System32\hgqhp.exe
    backup-20060623-021853-851 O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
    backup-20060623-021924-231 O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
    backup-20060716-004503-204 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20060716-004503-460 O4 - HKLM\..\Run: [gquzg.exe] D:\WINDOWS\System32\gquzg.exe
    backup-20060716-004503-681 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20060716-004503-856 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm (file missing)
    backup-20060716-004504-109 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    backup-20060716-004504-115 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    backup-20060716-004504-158 O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC4698E-6425-43FB-8D02-7F66BEB37964}: NameServer = 85.255.115.52 85.255.112.85
    backup-20060716-004504-248 O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2E38DA-03EF-409E-B6B8-DD59370A1351}: NameServer = 85.255.115.52,85.255.112.85
    backup-20060716-004504-269 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    backup-20060716-004504-447 O17 - HKLM\System\CCS\Services\Tcpip\..\{FACDDB33-645D-4D8B-B2BD-287103037707}: NameServer = 85.255.115.52,85.255.112.85
    backup-20060716-004504-532 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52 85.255.112.85
    backup-20060716-004504-981 O17 - HKLM\System\CCS\Services\Tcpip\..\{745AF652-3421-41D0-8696-D9D11E1642C4}: NameServer = 85.255.115.52,85.255.112.85
    backup-20061121-082814-195 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.not.co.il/%s
    backup-20061129-043214-271 O4 - HKLM\..\Run: [SunServer] D:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    backup-20070220-125936-274 O23 - Service: Windows Management Service - Unknown owner - D:\WINDOWS\System32\dmcpy.exe
    backup-20070220-130000-810 O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\System32\PSIService.exe
    backup-20070220-150955-414 O23 - Service: Windows Management Service - Unknown owner - D:\WINDOWS\System32\dmcpy.exe
    backup-20070220-150955-634 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    backup-20070223-193608-829 O16 - DPF: ConferenceRoom Java Client - http://chat.strictlyhosting.com:8080/java/cr.cab
    backup-20070223-193609-284 O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Goop2/launcher.cab
    backup-20070223-193610-307 O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photo-kahana.co.il/XUpload.ocx
    backup-20070223-193610-899 O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
    backup-20070223-193611-475 O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
    backup-20070223-193611-698 O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    backup-20070223-193611-701 O17 - HKLM\System\CCS\Services\Tcpip\..\{745AF652-3421-41D0-8696-D9D11E1642C4}: NameServer = 85.255.115.58,85.255.112.67
    backup-20070223-193611-968 O17 - HKLM\System\CCS\Services\Tcpip\..\{EB2E38DA-03EF-409E-B6B8-DD59370A1351}: NameServer = 85.255.115.58,85.255.112.67
    backup-20070223-212959-545 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20070223-212959-586 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20070225-111124-334 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20070225-111124-654 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    backup-20070225-111124-671 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20070225-111124-863 O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    backup-20070225-111125-134 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67
    backup-20070225-111125-141 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67
    backup-20070225-111125-298 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    backup-20070225-111125-358 O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} (LauncherV1 Class) - http://chat-basic.nana.co.il/Cabs/launcher.cab
    backup-20070225-111125-561 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67
    backup-20070225-111125-600 O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
    backup-20070225-111125-821 O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
    backup-20070226-232713-399 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    backup-20070226-235909-403 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

  3. #13
    Junior Member, Join Date: Feb 2007, Posts: 24

    Comboscan part 3:

    Part 3:
    -- File Associations ------------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "D:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

    3 3dfxvs - System32\DRIVERS\3dfxvsm.sys (not found)
    1 ASPI32 - System32\drivers\aspi32.sys (not found)
    1 AVG Anti-Spyware Driver - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1 Avg7Core (AVG7 Kernel) - D:\WINDOWS\system32\drivers\avg7core.sys
    1 Avg7RsW (AVG7 Wrap Driver) - D:\WINDOWS\system32\drivers\avg7rsw.sys
    1 Avg7RsXP (AVG7 Resident Driver XP) - D:\WINDOWS\system32\drivers\avg7rsxp.sys
    1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys (not found)
    1 AvgClean (AVG7 Clean Driver) - D:\WINDOWS\system32\drivers\avgclean.sys
    2 AvgTdi (AVG Network Redirector) - D:\WINDOWS\system32\drivers\avgtdi.sys
    3 basic2 - System32\DRIVERS\HSF_BSC2.sys (not found)
    3 CCDECODE (Closed Caption Decoder) - System32\DRIVERS\CCDECODE.sys (not found)
    3 CIF USB CAMERA Service (CIF USB CAMERA) - System32\DRIVERS\pfc027.sys (not found)
    3 EverestDriver (Lavalys EVEREST Kernel Driver) - C:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt
    2 Fallback - System32\DRIVERS\HSF_FALL.sys (not found)
    2 Fsks - System32\DRIVERS\HSF_FSKS.sys (not found)
    1 fwdrv (Kerio Personal Firewall Driver) - system32\Drivers\fwdrv.sys (not found)
    2 GYNOQKJX - D:\WINDOWS\System32\gynoqkjx.isf (not found)
    3 hsf_msft - System32\DRIVERS\HSF_MSFT.sys (not found)
    2 IYMMHNPO - D:\WINDOWS\System32\iymmhnpo.xhy (not found)
    2 K56 - System32\DRIVERS\HSF_K56K.sys (not found)
    3 LVCap138 (LifeView LR138 Capture Driver) - System32\DRIVERS\lvcap138.sys (not found)
    3 lvtuner (LifeView WDM TV Tuner) - System32\DRIVERS\lvtuner.sys (not found)
    3 LVUSBSta (Logitech USB Monitor Filter) - System32\DRIVERS\LVUSBSta.sys (not found)
    3 MarvinBus (Pinnacle Marvin Bus) - System32\DRIVERS\MarvinBus.sys (not found)
    3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys (not found)
    3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys (not found)
    3 Mtlmnt5 - System32\DRIVERS\SLDRV\Mtlmnt5.sys (not found)
    3 Mtlstrm - System32\DRIVERS\SLDRV\Mtlstrm.sys (not found)
    3 NABTSFEC (NABTS/FEC VBI Codec) - System32\DRIVERS\NABTSFEC.sys (not found)
    3 NdisIP (Microsoft TV/Video Connection) - System32\DRIVERS\NdisIP.sys (not found)
    3 nm (Network Monitor Driver) - System32\DRIVERS\NMnt.sys (not found)
    3 NPF (NetGroup Packet Filter Driver) - system32\drivers\npf.sys (not found)
    3 NtApm (NT Apm/Legacy Interface Driver) - System32\DRIVERS\NtApm.sys (not found)
    1 PCLEPCI - D:\WINDOWS\system32\drivers\Pclepci.sys
    2 PfModNT - D:\WINDOWS\system32\PFMODNT.SYS
    3 PID_0928 (Logitech QuickCam Express(PID_0928)) - System32\DRIVERS\LV561AV.SYS (not found)
    0 PxHelp20 - System32\DRIVERS\PxHelp20.sys (not found)
    0 RecAgent - System32\DRIVERS\SLDRV\RecAgent.sys (not found)
    3 Rksample - System32\DRIVERS\HSF_SAMP.sys (not found)
    3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS (not found)
    1 SASDIFSV - D:\Program Files\SUPERAntiSpyware\sasdifsv.sys
    3 SASENUM - D:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    1 SASKUTIL - D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    3 sbpci (SB PCI Family Audio Driver (WDM)) - system32\drivers\sbpci.sys (not found)
    3 SLIP (BDA Slip De-Framer) - System32\DRIVERS\SLIP.sys (not found)
    3 Slntamr (SmartLink AMR_PCI Driver) - System32\DRIVERS\SLDRV\slntamr.sys (not found)
    3 SlNtHal - System32\DRIVERS\SLDRV\Slnthal.sys (not found)
    3 SlWdmSup - System32\DRIVERS\SLDRV\SlWdmSup.sys (not found)
    3 SNCP106 (PC Camera (6009 CIF)) - System32\DRIVERS\sncp106.sys (not found)
    2 SoftFax - System32\DRIVERS\HSF_FAXX.sys (not found)
    1 sp_rsdrv2 (Spyware Terminator Driver 2) - D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    3 streamip (BDA IPSink) - System32\DRIVERS\StreamIP.sys (not found)
    2 SVKP - D:\WINDOWS\system32\SVKP.sys
    3 SYMIDSCO - D:\PROGRA~1\COMMON~1\Symantec Shared\SymcData\ids-diskless\20060710.095\symidsco.sys (not found)
    3 tj2knd5 (Terayon Cable Modem (NDIS)) - System32\DRIVERS\tj2knd5.sys (not found)
    3 tj2kunic (Terayon Cable Modem (WDM)) - System32\DRIVERS\tj2kunic.sys (not found)
    2 Tones - System32\DRIVERS\HSF_TONE.sys (not found)
    3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys (not found)
    3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys (not found)
    3 usbscan (USB Scanner Driver) - System32\DRIVERS\usbscan.sys (not found)
    3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS (not found)
    2 V124 - System32\DRIVERS\HSF_V124.sys (not found)
    0 viaagp (VIA AGP Bus Filter) - System32\DRIVERS\viaagp.sys (not found)
    4 Voodoo3 - System32\DRIVERS\Voodoo3.sys (not found)
    4 WS2IFSL (סביבת תמיכה של ספק שירות Windows Socket 2.0 Non-IFS) - D:\WINDOWS\system32\drivers\ws2ifsl.sys
    3 WSTCODEC (World Standard Teletext Codec) - System32\DRIVERS\WSTCODEC.SYS (not found)
    2 WXEINNFJ - D:\WINDOWS\System32\wxeinnfj.who (not found)

  4. #14
    Junior Member, Join Date: Feb 2007, Posts: 24

    Part 4 and 5 combo scan:

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    4 Adobe LM Service - "D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    4 Alerter - %SystemRoot%\System32\svchost.exe -k LocalService
    3 ALG (Application Layer Gateway Service) - %SystemRoot%\System32\alg.exe
    3 AppMgmt (Application Management) - %SystemRoot%\system32\svchost.exe -k netsvcs
    3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    2 AudioSrv (Windows Audio) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 AVG Anti-Spyware Guard - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    2 Avg7Alrt (AVG7 Alert Manager Server) - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    2 Avg7UpdSvc (AVG7 Update Service) - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    2 AVGEMS (AVG E-mail Scanner) - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    4 BITS (Background Intelligent Transfer Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 Browser (Computer Browser) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 CiSvc (Indexing Service) - %SystemRoot%\system32\cisvc.exe
    3 ClipSrv (ClipBook) - %SystemRoot%\system32\clipsrv.exe
    3 COMSysApp (COM+ System Application) - D:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    2 CryptSvc (Cryptographic Services) - %SystemRoot%\system32\svchost.exe -k netsvcs
    2 Dhcp (DHCP Client) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 dmadmin (Logical Disk Manager Administrative Service) - %SystemRoot%\System32\dmadmin.exe /com
    2 dmserver (Logical Disk Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 Dnscache (DNS Client) - %SystemRoot%\System32\svchost.exe -k NetworkService
    4 ERSvc (Error Reporting Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 Eventlog (Event Log) - %SystemRoot%\system32\services.exe
    4 EventSystem (COM+ Event System) - D:\WINDOWS\System32\svchost.exe -k netsvcs
    3 FastUserSwitchingCompatibility (Fast User Switching Compatibility) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 helpsvc (Help and Support) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 HidServ (Human Interface Device Access) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 IDriverT (InstallDriver Table Manager) - "D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3 ImapiService (IMAPI CD-Burning COM Service) - D:\WINDOWS\System32\imapi.exe
    2 lanmanworkstation (Workstation) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 LexBceS (LexBce Server) - D:\WINDOWS\system32\LEXBCES.EXE
    2 LmHosts (TCP/IP NetBIOS Helper) - %SystemRoot%\System32\svchost.exe -k LocalService
    3 Macromedia Licensing Service - "D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"
    4 MDM (Machine Debug Manager) - "D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
    4 Messenger - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 mnmsrvc (NetMeeting Remote Desktop Sharing) - D:\WINDOWS\System32\mnmsrvc.exe
    3 MSDTC (Distributed Transaction Coordinator) - D:\WINDOWS\System32\msdtc.exe
    3 MSIServer (Windows Installer) - D:\WINDOWS\System32\msiexec.exe /V
    3 NetDDE (Network DDE) - %SystemRoot%\system32\netdde.exe
    3 NetDDEdsdm (Network DDE DSDM) - %SystemRoot%\system32\netdde.exe
    3 Netlogon (Net Logon) - %SystemRoot%\System32\lsass.exe
    3 Netman (Network Connections) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 Nla (Network Location Awareness (NLA)) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 NtLmSsp (NT LM Security Support Provider) - %SystemRoot%\System32\lsass.exe
    3 NtmsSvc (Removable Storage) - %SystemRoot%\system32\svchost.exe -k netsvcs
    3 ose (Office Source Engine) - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    2 PersFw (Kerio Personal Firewall) - D:\Program Files\Kerio\Personal Firewall\persfw.exe
    2 PlugPlay (Plug and Play) - %SystemRoot%\system32\services.exe
    2 PolicyAgent (IPSEC Services) - %SystemRoot%\System32\lsass.exe
    2 ProtectedStorage (Protected Storage) - %SystemRoot%\system32\lsass.exe
    4 ProtexisLicensing - D:\WINDOWS\System32\PSIService.exe
    3 RasAuto (Remote Access Auto Connection Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 RasMan (Remote Access Connection Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 RDSessMgr (Remote Desktop Help Session Manager) - D:\WINDOWS\system32\sessmgr.exe
    4 RemoteAccess (Routing and Remote Access) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 RemoteRegistry (Remote Registry) - %SystemRoot%\system32\svchost.exe -k LocalService
    3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
    3 RpcLocator (Remote Procedure Call (RPC) Locator) - %SystemRoot%\System32\locator.exe
    2 RpcSs (Remote Procedure Call (RPC)) - %SystemRoot%\system32\svchost -k rpcss
    3 RSVP (QoS RSVP) - %SystemRoot%\System32\rsvp.exe
    2 SamSs (Security Accounts Manager) - %SystemRoot%\system32\lsass.exe
    3 SCardDrv (Smart Card Helper) - %SystemRoot%\System32\SCardSvr.exe
    3 SCardSvr (Smart Card) - %SystemRoot%\System32\SCardSvr.exe
    4 Schedule (Task Scheduler) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 seclogon (Secondary Logon) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 SENS (System Event Notification) - %SystemRoot%\system32\svchost.exe -k netsvcs
    4 SharedAccess (Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 ShellHWDetection (Shell Hardware Detection) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 SLService (SmartLinkService) - slmdmsr.exe
    2 Spooler (Print Spooler) - %SystemRoot%\system32\spoolsv.exe
    2 sp_rssrv (Spyware Terminator Realtime Shield Service) - D:\Program Files\Spyware Terminator\sp_rsser.exe
    4 srservice (System Restore Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 SSDPSRV (SSDP Discovery Service) - %SystemRoot%\System32\svchost.exe -k LocalService
    2 stisvc (Windows Image Acquisition (WIA)) - %SystemRoot%\System32\svchost.exe -k imgsvc
    3 SwPrv (MS Software Shadow Copy Provider) - D:\WINDOWS\System32\dllhost.exe /Processid:{EFB03FCD-4298-45F4-A28F-EB6FA262C95A}
    3 SysmonLog (Performance Logs and Alerts) - %SystemRoot%\system32\smlogsvc.exe
    3 TapiSrv (Telephony) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 TermService (Terminal Services) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 Themes - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 TlntSvr (Telnet) - D:\WINDOWS\System32\tlntsvr.exe
    4 TrkWks (Distributed Link Tracking Client) - %SystemRoot%\system32\svchost.exe -k netsvcs
    2 UMWdf (Windows User Mode Driver Framework) - D:\WINDOWS\System32\wdfmgr.exe
    4 uploadmgr (Upload Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
    2 upnphost (Universal Plug and Play Device Host) - %SystemRoot%\System32\svchost.exe -k LocalService
    3 UPS (Uninterruptible Power Supply) - %SystemRoot%\System32\ups.exe
    3 VSS (Volume Shadow Copy) - %SystemRoot%\System32\vssvc.exe
    4 W32Time (Windows Time) - %SystemRoot%\System32\svchost.exe -k netsvcs
    4 WebClient - %SystemRoot%\System32\svchost.exe -k LocalService
    2 winmgmt (Windows Management Instrumentation) - %systemroot%\system32\svchost.exe -k netsvcs
    4 WmdmPmSN (Portable Media Serial Number Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 Wmi (Windows Management Instrumentation Driver Extensions) - %SystemRoot%\System32\svchost.exe -k netsvcs
    3 WmiApSrv (WMI Performance Adapter) - D:\WINDOWS\System32\wbem\wmiapsrv.exe
    4 wuauserv (Automatic Updates) - %systemroot%\system32\svchost.exe -k netsvcs
    4 WZCSVC (Wireless Zero Configuration) - %SystemRoot%\System32\svchost.exe -k netsvcs

  5. #15
    Junior Member, Join Date: Feb 2007, Posts: 24

    Part 5

    -- Files created between 2007-01-27 and 2007-02-27 ------------------------------

    2007-02-27 11:00:25 218112 --a------ D:\s.exe
    2007-02-26 23:52:14 3968 --a------ D:\WINDOWS\System32\drivers\AvgAsCln.sys
    2007-02-26 23:47:58 8491297 --a------ D:\avgas-signatures-full-current.exe
    2007-02-26 23:39:07 229251 --a------ D:\avgas-signatures-current.exe
    2007-02-26 21:20:47 452280 --a------ D:\comboscan.exe
    2007-02-25 13:10:14 311296 --a------ D:\WINDOWS\System32\cdintf.dll
    2007-02-25 13:10:06 212480 -----n--- D:\WINDOWS\System32\PCDLIB32.DLL
    2007-02-25 13:10:06 855552 --a------ D:\WINDOWS\System32\Ltwvc12n.dll
    2007-02-25 13:10:06 35328 --a------ D:\WINDOWS\System32\lttwn12n.dll
    2007-02-25 13:10:06 388608 --a------ D:\WINDOWS\System32\ltkrn12n.dll
    2007-02-25 13:10:06 165888 --a------ D:\WINDOWS\System32\ltimg12n.dll
    2007-02-25 13:10:06 149504 --a------ D:\WINDOWS\System32\Lfpng12n.dll
    2007-02-25 13:10:06 26624 --a------ D:\WINDOWS\System32\lfpcx12n.dll
    2007-02-25 13:10:06 36352 --a------ D:\WINDOWS\System32\lfgif12n.dll
    2007-02-25 13:10:05 130048 --a------ D:\WINDOWS\System32\ltfil12n.DLL
    2007-02-25 13:10:05 207872 --a------ D:\WINDOWS\System32\ltefx12n.dll
    2007-02-25 13:10:05 258560 --a------ D:\WINDOWS\System32\LTDIS12n.dll
    2007-02-25 13:10:05 49664 --a------ D:\WINDOWS\System32\Lfwmf12n.dll
    2007-02-25 13:10:05 141824 --a------ D:\WINDOWS\System32\lftif12n.dll
    2007-02-25 13:10:05 20992 --a------ D:\WINDOWS\System32\lftga12n.dll
    2007-02-25 13:10:05 36864 --a------ D:\WINDOWS\System32\lfpsd12n.dll
    2007-02-25 13:10:05 19968 --a------ D:\WINDOWS\System32\lfpcd12n.dll
    2007-02-25 13:10:05 19968 --a------ D:\WINDOWS\System32\lfitg12n.dll
    2007-02-25 13:10:05 38912 --a------ D:\WINDOWS\System32\lfflc12n.dll
    2007-02-25 13:10:05 341504 --a------ D:\WINDOWS\System32\LFCMP12n.DLL
    2007-02-25 13:10:05 30720 --a------ D:\WINDOWS\System32\lfbmp12n.dll
    2007-02-25 12:50:59 0 d-------- D:\Projects
    2007-02-25 12:50:59 0 d-------- D:\Libs
    2007-02-24 21:39:18 0 d-------- D:\Documents and Settings\s\Application Data\TrojanHunter
    2007-02-24 20:01:58 0 d-------- D:\Program Files\TrojanHunter 4.6
    2007-02-24 00:17:05 2062665 --a------ D:\spywareguardsetup.exe
    2007-02-24 00:05:58 2566736 --a------ D:\spywareblastersetup351.exe
    2007-02-24 00:01:41 0 d-------- D:\hosts
    2007-02-23 21:07:47 0 d-------- D:\Documents and Settings\s\Application Data\F-Secure
    2007-02-23 20:48:14 0 d-------- D:\Program Files\Oversight System Sentinel Demo
    2007-02-23 20:45:59 0 d-------- D:\Program Files\F-Secure
    2007-02-23 20:44:31 0 d-------- D:\Documents and Settings\All Users\Application Data\fssg
    2007-02-23 20:35:00 67984152 --a------ D:\fs2007.exe
    2007-02-23 20:21:48 23552 --a------ D:\MsnVirRem.exe
    2007-02-23 20:21:02 51134 --a------ D:\combofix.exe
    2007-02-23 17:24:40 0 d-------- D:\Program Files\Safer Networking
    2007-02-23 16:31:41 5037072 --a------ D:\spybotsd14.exe
    2007-02-23 16:30:14 898816 --a------ D:\regalyz.exe
    2007-02-23 10:51:43 2794488 --a------ D:\spynomore.exe
    2007-02-23 00:34:51 5743392 --a------ D:\SUPERAntiSpyware.exe
    2007-02-22 23:42:56 50688 --a------ D:\ATF-Cleaner.exe
    2007-02-22 23:39:18 1914 --a------ D:\WINDOWS\System32\tmp.reg
    2007-02-22 23:38:13 79360 --a------ D:\WINDOWS\System32\swxcacls.exe
    2007-02-22 23:38:13 40960 --a------ D:\WINDOWS\System32\swsc.exe
    2007-02-22 23:38:13 288417 --a------ D:\WINDOWS\System32\SrchSTS.exe
    2007-02-22 23:38:13 51200 --a------ D:\WINDOWS\System32\dumphive.exe
    2007-02-22 23:38:12 135168 --a------ D:\WINDOWS\System32\swreg.exe
    2007-02-22 23:38:12 53248 --a------ D:\WINDOWS\System32\Process.exe
    2007-02-22 23:38:04 0 d-------- D:\SmitfraudFix
    2007-02-22 21:39:23 0 d-------- D:\Documents and Settings\Administrator.******\Application Data\Spyware Terminator
    2007-02-21 20:42:33 135936 --a------ D:\WINDOWS\System32\drivers\sp_rsdrv2.sys
    2007-02-21 20:42:33 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Spyware Terminator
    2007-02-21 20:38:01 0 d-------- D:\Documents and Settings\s\Application Data\Spyware Terminator
    2007-02-21 20:38:01 0 d-------- D:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-02-21 20:37:53 0 d-------- D:\Program Files\Spyware Terminator
    2007-02-21 20:23:56 0 d-------- D:\Documents and Settings\s\Application Data\AVG7
    2007-02-21 20:12:13 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2007-02-21 20:12:03 4960 --a------ D:\WINDOWS\System32\drivers\avgtdi.sys
    2007-02-21 20:12:03 18432 --a------ D:\WINDOWS\System32\drivers\avgmfx86.sys
    2007-02-21 20:12:03 3968 --a------ D:\WINDOWS\System32\drivers\avgclean.sys
    2007-02-21 20:12:01 27776 --a------ D:\WINDOWS\System32\drivers\avg7rsxp.sys
    2007-02-21 20:12:01 4224 --a------ D:\WINDOWS\System32\drivers\avg7rsw.sys
    2007-02-21 20:11:56 839936 --a------ D:\WINDOWS\System32\drivers\avg7core.sys
    2007-02-21 20:11:36 0 d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
    2007-02-21 09:00:14 19170000 --a------ D:\avg75free_441a944.exe
    2007-02-21 08:45:10 737625 --a------ D:\SmitfraudFix.exe
    2007-02-20 16:22:32 0 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-02-20 16:21:35 0 d-------- D:\Program Files\SUPERAntiSpyware
    2007-02-20 16:21:35 0 d-------- D:\Documents and Settings\s\Application Data\SUPERAntiSpyware.com
    2007-02-20 16:09:23 0 d-a------ D:\WINDOWS\zts2.exe
    2007-02-20 16:09:23 0 d-a------ D:\WINDOWS\System32\vcmgcd32.dll
    2007-02-20 16:09:23 0 d-a------ D:\WINDOWS\System32\iifgfgf.dll
    2007-02-20 16:09:23 0 d-a------ D:\WINDOWS\rundll16.exe
    2007-02-20 16:09:23 0 d-a------ D:\WINDOWS\rundl132.dll
    2007-02-20 16:09:23 0 d-a------ D:\WINDOWS\logo1_.exe
    2007-02-20 16:00:51 128512 --a------ D:\WINDOWS\System32\T.COM
    2007-02-20 16:00:50 128512 --a------ D:\WINDOWS\System32\TASKMGR.COM
    2007-02-20 16:00:50 134144 --a------ D:\WINDOWS\REGEDIT.COM
    2007-02-20 16:00:50 134144 --a------ D:\WINDOWS\R.COM
    2007-02-20 15:40:55 0 d-------- D:\Documents and Settings\All Users\Application Data\Avg7
    2007-02-17 16:42:54 0 d-------- D:\Documents and Settings\s\Application Data\Apple Computer
    2007-02-13 23:58:15 286720 -----n--- D:\WINDOWS\Setup1.exe
    2007-02-13 23:57:51 0 d-------- D:\mister
    2007-02-13 23:52:21 648351 --a------ D:\decks v1.exe
    2007-02-13 23:45:40 0 d-------- D:\Program Files\NovaDSP
    2007-02-13 23:45:28 1274779 --a------ D:\rifflite_setup.exe
    2007-02-13 17:06:32 0 d-------- D:\Program Files\Transcribe!
    2007-02-13 17:06:07 1455232 --a------ D:\xscsetup.exe
    2007-02-13 16:58:07 0 d-------- D:\Program Files\AnalogX
    2007-02-13 16:57:57 220569 --a------ D:\sayiti.exe
    2007-02-13 16:47:18 0 d-------- D:\Program Files\d-lusion
    2007-02-13 16:45:06 0 d-------- D:\Documents and Settings\s\Application Data\Cycling '74
    2007-02-13 16:44:32 0 d-------- D:\AVdrum 021
    2007-02-13 16:30:38 0 d-------- D:\Documents and Settings\All Users\Application Data\Windows Messenger_5.0.0482
    2007-02-13 16:28:03 2211840 --a------ D:\dreamstation.exe
    2007-02-13 16:24:21 0 d-------- D:\at2
    2007-02-12 15:35:19 111397872 --a------ D:\acidpro60c-trial_enu.exe
    2007-02-12 15:18:48 38122608 --a------ D:\acidxpress50a.exe
    2007-02-06 09:02:28 0 --a------ D:\WINDOWS\System32\intr32.dll
    2007-02-05 23:44:47 0 d-------- D:\GDT3
    2007-02-05 23:32:15 107520 --a------ D:\Scratch_Me.exe
    2007-02-05 23:28:02 1242112 --a------ D:\WINDOWS\SPT-667.exe
    2007-02-05 23:28:02 26712 --a------ D:\WINDOWS\dmetmsf.dat
    2007-02-05 23:28:02 14392 --a------ D:\WINDOWS\dmetmsa.dat
    2007-02-05 23:28:02 92728 --a------ D:\WINDOWS\dmet.dat
    2007-02-05 23:27:48 1242112 --a------ D:\SPT-667.exe
    2007-02-05 23:22:03 3504975 --a------ D:\plsmst30.exe
    2007-02-03 18:00:23 10452638 --a------ D:\movie_morpher_gold_cnt.exe
    2007-02-03 17:29:51 0 d-------- D:\2xex1412
    2007-02-03 17:17:24 0 d-------- D:\Program Files\Alwil Software
    2007-02-03 17:08:57 12099848 --a------ D:\setupeng.exe
    2007-02-03 17:08:24 0 d-------- D:\Program Files\ToniArts
    2007-02-03 17:04:49 2951802 --a------ D:\EClea2_0.exe
    2007-02-02 20:19:26 0 d-------- D:\Program Files\Liatro
    2007-02-02 18:30:02 0 d-------- D:\frenzy
    2007-02-02 18:25:06 0 d-------- D:\toubou
    2007-02-02 10:24:54 348160 --a------ D:\WINDOWS\System32\MSVCR71.DLL
    2007-02-02 10:24:53 499712 --a------ D:\WINDOWS\System32\MSVCP71.DLL
    2007-02-02 10:24:51 1060864 --a------ D:\WINDOWS\System32\MFC71.DLL
    2007-02-02 10:22:26 89088 --a------ D:\WINDOWS\System32\atl71.dll
    2007-02-02 10:13:52 33340 --a------ D:\WINDOWS\System32\dbmsqlgc.dll
    2007-02-02 10:13:52 24576 --a------ D:\WINDOWS\System32\dbmsgnet.dll
    2007-02-02 10:10:23 765952 -----n--- D:\WINDOWS\System32\msvcp71d.dll
    2007-02-02 10:10:20 544768 -----n--- D:\WINDOWS\System32\msvcr71d.dll
    2007-02-02 09:38:59 0 d-------- D:\SmartSound Software
    2007-02-02 09:34:07 171008 --a------ D:\WINDOWS\System32\drivers\MarvinBus.sys
    2007-02-02 09:31:46 57344 --a------ D:\WINDOWS\System32\MFC71ENU.DLL
    2007-02-02 09:12:59 0 d-------- D:\Program Files\Common Files\Download Manager
    2007-02-01 01:16:31 0 d-------- D:\Program Files\Windows Media Bonus Pack for Windows XP
    2007-02-01 01:14:59 6 --a------ D:\Documents and Settings\s\Application Data\mmrpzlic.dat
    2007-01-31 19:16:44 0 d-------- D:\Program Files\Temp
    2007-01-31 19:00:56 220 ---hs---- D:\WINDOWS\dwin.sys
    2007-01-31 19:00:38 0 d-------- D:\Program Files\TM2V2
    2007-01-31 17:19:37 0 d-------- D:\MySlideshow
    2007-01-31 14:50:27 0 d-------- D:\Program Files\DVD Photo Slideshow Professional
    2007-01-31 14:43:25 0 d-------- D:\Program Files\Slideshow pro
    2007-01-31 14:39:53 0 d-------- D:\Program Files\mresreg
    2007-01-30 07:20:02 16384 --a------ D:\WINDOWS\System32\FileOps.exe
    2007-01-30 07:20:01 0 d-------- D:\WINDOWS\System32\Adobe
    2007-01-30 00:07:59 0 d-------- D:\icetemplates.com_free006_ecommerce
    2007-01-30 00:06:07 0 d-------- D:\sample_osc
    2007-01-29 12:54:27 0 d-------- D:\Program Files\Popims
    2007-01-28 13:51:44 0 d-------- D:\Documents and Settings\s\Application Data\Sony
    2007-01-28 13:50:08 12580696 --a------ D:\mm20enu.exe
    2007-01-28 13:23:15 69556081 --a------ D:\moviestudio60b-trial_enu.exe
    2007-01-28 01:40:25 0 d-------- D:\logos1
    2007-01-27 17:47:25 0 d-------- D:\template53
    2007-01-27 13:14:40 0 d-------- D:\template64
    2007-01-27 13:14:10 0 d-------- D:\template49


    -- Find3M Report ----------------------------------------------------------------

    2007-02-26 23:52:06 0 d-------- D:\Program Files\Grisoft
    2007-02-25 13:10:05 0 d-------- D:\Program Files\Common Files\Broderbund
    2007-02-25 13:10:04 0 d--h----- D:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-02-25 13:09:28 0 d-------- D:\Program Files\Web Publish
    2007-02-25 13:04:33 0 d-------- D:\Program Files\Broderbund
    2007-02-25 12:13:56 494582 --a------ D:\Fixwareout.exe
    2007-02-24 22:08:49 0 d-------- D:\Program Files\SpywareGuard
    2007-02-24 00:08:09 0 d-------- D:\Program Files\SpywareBlaster
    2007-02-20 16:20:30 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
    2007-02-20 15:38:43 0 d-------- D:\Documents and Settings\s\Application Data\Adobe
    2007-02-20 15:38:11 0 d-------- D:\Program Files\VirtualDJ
    2007-02-20 15:37:29 0 d-------- D:\Program Files\Common Files\Adobe
    2007-02-20 15:37:18 0 d-------- D:\Program Files\Art Plus
    2007-02-20 15:37:16 0 d-------- D:\Program Files\Corel
    2007-02-16 21:17:10 0 d-------- D:\Documents and Settings\s\Application Data\Ableton
    2007-02-16 21:14:23 0 d-------- D:\Program Files\Ableton
    2007-02-16 03:09:14 0 d-------- D:\Documents and Settings\s\Application Data\Audacity
    2007-02-15 13:25:10 0 d-------- D:\Documents and Settings\s\Application Data\Domain Name Analyzer Pro v4.0
    2007-02-13 15:56:53 0 d-------- D:\Program Files\Lexmark X1100 Series
    2007-02-12 21:31:00 0 d-------- D:\Program Files\Sony
    2007-02-12 21:26:42 0 d-------- D:\Program Files\Sony Setup
    2007-02-04 17:54:01 0 d-------- D:\Program Files\Smoke Attack 2<SMOKEA~2>
    2007-02-04 09:19:35 0 d-------- D:\Program Files\Show.kit 2.1
    2007-02-03 20:31:01 0 d-------- D:\Program Files\Morpheus
    2007-02-03 17:12:59 0 d-------- D:\Program Files\Amara - Flash Intro and Banner Builder
    2007-02-03 17:10:00 0 d-------- D:\Program Files\Jasc Software Inc
    2007-02-03 16:58:07 0 d-------- D:\Program Files\IncrediMail
    2007-02-02 11:07:26 0 d-------- D:\Program Files\Pinnacle
    2007-02-02 10:55:36 1852 --a------ D:\WINDOWS\System32\d3d9caps.dat
    2007-01-28 13:51:28 0 d-------- D:\Program Files\Movie Maker<MOVIEM~1>
    2007-01-26 23:49:23 0 d-------- D:\Program Files\Windows Media Components
    2007-01-26 23:47:58 0 d-------- D:\Program Files\Common Files\InstallShield<INSTAL~1>
    2007-01-26 23:43:35 141606188 --a------ D:\uvs10_tbyb_(e)_na.exe
    2007-01-23 15:22:19 0 d-------- D:\Program Files\Shockwave.com
    2007-01-21 14:39:18 4704 --ahs---- D:\WINDOWS\System32\KGyGaAvL.sys
    2007-01-21 14:04:09 0 d-------- D:\Documents and Settings\s\Application Data\Corel
    2007-01-21 14:03:09 88 -r-hs---- D:\WINDOWS\System32\84C07846D1.sys
    2007-01-21 12:57:35 0 d---s---- D:\Documents and Settings\s\Application Data\Microsoft<MICROS~1>
    2007-01-17 18:45:31 0 d-------- D:\Documents and Settings\s\Application Data\Softnik Technologies
    2007-01-17 17:07:35 0 d-------- D:\Program Files\Softnik Technologies
    2007-01-15 17:20:53 56 -r-hs---- D:\WINDOWS\System32\D14678C084.sys
    2007-01-15 12:54:32 0 d-------- D:\Program Files\Common Files\Adobe Systems Shared
    2007-01-08 09:28:06 0 d-------- D:\Program Files\CoffeeCup Software
    2007-01-08 09:10:13 6458671 --a------ D:\CoffeeFormBuilder50.exe
    2007-01-07 23:05:09 18481128 --a------ D:\Babylon6_setup_heb_eng_heb_oxford.exe
    2007-01-05 19:15:30 0 d-------- D:\Documents and Settings\s\Application Data\Macromedia<MACROM~1>
    2007-01-05 19:11:32 0 d-------- D:\Program Files\Common Files\SourceTec
    2007-01-05 19:11:28 0 d-------- D:\Program Files\SourceTec
    2007-01-05 19:05:07 0 d-------- D:\Program Files\DComSoft
    2007-01-05 19:04:46 1360574 --a------ D:\SWF Picture Extractor.exe
    2007-01-04 12:26:38 5292032 --a------ D:\MixVibes6demo.exe
    2006-12-30 22:47:46 0 d-------- D:\Program Files\SpacialAudio
    2006-12-30 13:44:11 0 d-------- D:\Program Files\Acoustica Mixcraft
    2006-12-27 12:16:04 0 d-------- D:\Program Files\Microsoft.NET
    2006-12-21 12:54:53 10083348 --a------ D:\WebSmartzTrialEdition.EXE
    2006-12-20 03:38:31 131584 --a------ D:\WINDOWS\System32\SpoonUninstall.exe
    2006-12-20 03:38:24 749568 --a------ D:\WINDOWS\System32\swfgen.dll
    2006-12-09 16:01:36 6538503 --a------ D:\3drecg2.exe
    2006-12-08 02:11:49 4469879 --a------ D:\amarafibb.exe
    2006-11-28 19:56:18 1740 --a------ D:\WINDOWS\System32\d3d8caps.dat


    -- Registry Dump ----------------------------------------------------------------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "THGuard"="\"D:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
    "!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Babylon Client"="D:\\Program Files\\Babylon\\Babylon-Pro\\Babylon.exe -AutoStart"
    "Lexmark X1100 Series"="\"D:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^s^Start Menu^Programs^Startup^Netvision Cable Connect.url]
    "backup"="D:\\WINDOWS\\pss\\Netvision Cable Connect.urlStartup"
    "location"="Startup"
    "item"="Netvision Cable Connect"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BITS"=dword:00000003


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5BACC17E-BDF7-405B-BC68-ECB506395118}"="NSIS Media Extension"
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    -- End of ComboScan: finished at 2007-02-27 at 11:01:48 -------------------------

  6. #16
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752

    Default

    Hi,

    You seem to have been reinfected by Wareout.

    *You need to disable Trojan Hunter temporarily, as it can stop our fix. Please re-enable it after your system is clean.
    Before we start, please go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see, but the handle is red. Right-click it and select "Settings." Uncheck "Load at Startup" and "Enabled". Make sure that the program, TrojanHunter itself, is also closed/not running.


    *Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
    O16 - DPF: {CBF2C04B-50B5-4C7B-8D49-ACB62582F8E6} -
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC4698E-6425-43FB-8D02-7F66BEB37964}: NameServer = 85.255.115.58 85.255.112.67
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


    Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
    ____________________

    *You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    At the end of the fix, you may need to restart your computer again. After your computer restarts, a notepad report will immediately open, please post all the contents of that report.


    *Now let's check some settings on your system.
    (2000/XP) Only
    • In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections.
    • Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties.
    • Click the Networking tab.
    • Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
    • Press OK twice to get out of the properties screen and reboot if it asks.
    That option might not be available on some systems.


    Next go to Start > Run > type cmd and hit OK

    type ipconfig /flushdns

    then hit Enter; type exit and hit Enter.
    (that space between g and / is needed)

    Finally, please post a fresh HijackThis log, along with the contents of the report.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.
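    The entries the helper asks to have fixed above (the O17 NameServer line pointing at outside resolvers, the nameless O16 DPF entries, the rpcapd service whose file is missing, the blank R0 settings) are a triage a script can do on any HijackThis 1.99 log. The following is an added example, not code from the thread or from HijackThis/FixWareout: the sample lines are copied from the thread except for one constructed benign resolver line, and the trusted resolver ranges (RFC 1918 here) are an assumption you would replace with your own LAN and ISP resolvers.

```python
import ipaddress
import re
from typing import Dict, Iterable, List

# Constructed sample input: lines copied from this thread's logs, plus one
# constructed O17 line ({CONSTRUCTED-0000}, 192.168.1.1) as a benign contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AC4698E-6425-43FB-8D02-7F66BEB37964}: NameServer = 85.255.115.58 85.255.112.67
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-0000}: NameServer = 192.168.1.1
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
"""

# Assumption: resolvers a home PC is expected to use (its LAN router). A real
# deployment adds the ISP's resolver addresses to this list.
TRUSTED_RESOLVER_NETS = ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.*)$")
# O16 body: "DPF: {CLSID} (Optional Name) - download URL"
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}\s*(?:\(([^)]*)\))?\s*-\s*(.*)$")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into section/body records; non-entry lines are ignored."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            records.append({"section": m.group(1), "body": m.group(2), "line": line})
    return records


def unexpected_resolvers(body: str, trusted: Iterable[str]) -> List[str]:
    """Return the NameServer addresses on an O17 body that fall outside the trusted nets."""
    m = NAMESERVER_RE.search(body)
    if not m:
        return []
    nets = [ipaddress.ip_network(n) for n in trusted]
    bad = []
    for token in re.split(r"[\s,]+", m.group(1).strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            bad.append(token)  # not even an IP address: worth a look regardless
            continue
        if not any(addr in net for net in nets):
            bad.append(token)
    return bad


def triage(text: str, trusted_nets: Iterable[str] = TRUSTED_RESOLVER_NETS) -> List[Dict[str, str]]:
    """Flag the entry types a helper marks for 'Fix checked' in a DNS-hijack case."""
    trusted = list(trusted_nets)
    findings = []
    for rec in parse_hjt(text):
        sec, body = rec["section"], rec["body"]
        reason = None
        if sec == "O17":
            bad = unexpected_resolvers(body, trusted)
            if bad:
                reason = "DNS resolver outside trusted ranges: " + ", ".join(bad)
        elif sec == "O16":
            m = DPF_RE.match(body)
            if m and not m.group(2).strip():
                reason = "ActiveX (DPF) entry with no name or download URL"
        elif sec == "O23":
            if "(file missing)" in body:
                reason = "service registered for a file that no longer exists"
        elif sec in ("R0", "R1"):
            if body.rstrip().endswith("="):
                reason = "blank Internet Explorer setting"
        if reason:
            findings.append({"section": sec, "reason": reason, "line": rec["line"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']}: {f['reason']}\n    {f['line']}")
```

    After the fix, the same script run on the fresh log should report no O17 finding; if the resolver entry comes back, the machine is being reinfected rather than merely left dirty.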

  7. #17
    Junior Member
    Join Date
    Feb 2007
    Posts
    24

    Default Logs

    Thanks again for your help.

    Log of HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:00:27, on 28/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\Program Files\Kerio\Personal Firewall\persfw.exe
    D:\WINDOWS\system32\slmdmsr.exe
    D:\Program Files\Spyware Terminator\sp_rsser.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\hijackthis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.google.co.il
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQToolbar\toolbaru.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - D:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Flash - res://D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

    Log of Fixwareout:


    Fixwareout Last edited 2/11/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»

  8. #18
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752

    Default

    *Since HijackThis creates backups of all it fixes and we want them safe and secured should they be required later, we need to move HijackThis to a permanent folder.

    a.) While in your Desktop, right click in the background > Go to New > click Folder > Name the Folder HJT

    b.) After creating the folder, find your HijackThis.exe. Then, cut and paste that file to the new folder you created.
    _______________

    Download this file and unzip it to your desktop.

    Download About:Buster from here. Once it is downloaded extract it to c:\aboutbuster. Do NOT use it yet.

    Download CWShredder from here, install it, check for updates but again, don't use it yet.
    _______________

    You may want to print these instructions here or save them in notepad since you'll work offline.

    Reboot into Safe Mode.

    To enter Safe Mode:

    Click Start > Turn Off Computer > Restart > Tap the F8 key just before Windows starts to load > This will bring up a menu > Use your keyboard to scroll to Safe Mode > Hit Enter.

    *While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.

    *Then Open cwshredder that you downloaded in the first step. Close all browser windows and click on the fix/next button.

    *Now navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.

    Reboot to normal mode.

    I also noticed that your AVG Anti-Spyware log was not posted correctly. You only posted the first part of the log, then it was cut off. On your next reply, please post a fresh HijackThis log, AVG Anti-Spyware log and the AboutBuster log.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.

  9. #19
    Junior Member
    Join Date
    Feb 2007
    Posts
    24

    Default About

    Thanks again.

    My redirections are fixed, and I don't have any hijack...
    I installed IE6 again, and now I can connect to secure sites.

    Continue doing the fix process?

    I opened the REG files that you told me to add to the registry, and some of the lines were "gibberish"... still OK to add it?

  10. #20
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752

    Default

    Hi,

    Yes, please continue with the instructions.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.
