View Full Version : Infected
grassman22
2009-10-25, 16:03
Hello,
A week ago, When I accessed the internet, I was suddenly attacked by viruses. Since then I couldn't access the internet and instead got all kinds of prompts. One of them was from Windwos Installer indicating it was installing. Also, I couldn't restart/turn off the computer using the Start>Turn off option. I ran Spybot, and since then was able to access the Internet and there were no prompts, but still couldn't restart. After I manually restarted SB did a check and found and erased some more items. Now I am able to restart/turn-off from Start menu, but still my PC runs slow and now and then, whan I open a program, I get the Window Installer Installing window.
I posted a message here a week ago but got no reply. Here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:51, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\SOUNDMAN.EXE
C:\WINXP\system32\atwtusb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\snmp.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINXP\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sinfest.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inter.net.il:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: IsraBlog &OneLiner - C:\Program Files\IsraBlog OneLiner\ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ordernet.co.il
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU-new/launcher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINXP\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
--
End of file - 8644 bytes
Thanx in advance,
Grassman22
Hello
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking[/b]
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect
Download CWShredder (http://us.trendmicro.com/us/products/personal/CWShredder/) to your desktop.
Open CWShredder
Check for Updates
Close out the program. <-- Dont run it yet
Boot your computer into Safemode
Go to Start> Shut Off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
This will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to SAFEMODE
Then press the Enter on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
Open CWShredder
Double-click on CWShredder.exe.
Click Fix and click OK at the prompt.
CWShredder will scan and clean your system of CWS files.
Click Next and then Exit .
Please download Malwarebytes' Anti-Malware from Here ( http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please
Post the Malwarebytes log, the CWS log and a new HJT log please
grassman22
2009-10-27, 10:08
Hi,
CWShredder was unable to check for update. What do I do?
Thnx,
Grassman22
You can run it without the update for now.
grassman22
2009-10-27, 11:39
Hello,
CWShredder found one object, I think it was connected to MS Config. I pressed "create report". Here are the resolts:
**** Run Keys ****
RUN: [NeroCheck] C:\WINXP\System32\\NeroCheck.exe
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
RUN: [atwtusb] atwtusb.exe beta
RUN: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
RUN: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
RUN: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
RUN: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
**** Browser Helper Objects ****
BHO: [Adobe PDF Reader Link Helper] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [עוזר הכניסה של Windows Live] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: [Java(tm) Plug-In 2 SSV Helper] C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: [JQSIEStartDetectorImpl Class] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
**** IE Toolbars ****
**** IE Extensions ****
IEExt: []
IEExt: []
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe
**** Hosts File Entries ****
HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost
**** IE Settings ****
IEProxy: proxy.inter.net.il:8080
IEBypass: *.local
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINXP\system32\blank.htm
Search Bar: about:blank
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
**** IE Context Menu (Right click) ****
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
IEContext: [IsraBlog &OneLiner] C:\Program Files\IsraBlog OneLiner\ie.htm
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{901A2127-A2ED-4F07-B990-2502011535C5}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{901A2127-A2ED-4F07-B990-2502011535C5}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7DBCF86-E148-493E-A697-2D8F60941B50}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7DBCF86-E148-493E-A697-2D8F60941B50}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8884C488-C005-4B9D-9596-BF0B5BB223EE}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8884C488-C005-4B9D-9596-BF0B5BB223EE}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67F47D56-16E9-498C-B339-520A656FED4F}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{67F47D56-16E9-498C-B339-520A656FED4F}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE8BE38D-9171-495D-913C-B72DE160C5E0}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DE8BE38D-9171-495D-913C-B72DE160C5E0}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EEFC022-1833-48E0-B1C1-C1438EF818F1}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EEFC022-1833-48E0-B1C1-C1438EF818F1}] DATAGRAM 5
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
{10ABC6DB-E091-4EAE-98DD-21B5A2460714} [http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab] C:\WINXP\Downloaded Program Files\avdetinst.dll
{166B1BCA-3F9C-11CF-8075-444553540000} [http://active.macromedia.com/director/cabs/sw.cab]
{17492023-C23A-453E-A040-C7C580BBF700} [http://go.microsoft.com/fwlink/?linkid=39204] C:\WINXP\system32\LegitCheckControl.DLL
{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{33564D57-9980-0010-8000-00AA00389B71} [http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab]
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [http://upload.facebook.com/controls/FacebookPhotoUploader3.cab]
{62475759-9E84-458E-A1AB-5D2C442ADFDE} [http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe]
{7F8C8173-AD80-4807-AA75-5672F22B4582} [https://tango.huji.ac.il/sre/ICSScanner.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://www.pandasoftware.com/activescan/as5free/asinst.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38131.4541087963]
{A16C2BF4-501E-45FA-8A14-F26E022D5E16} [http://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
{D79B6F43-F214-4E7A-9ECB-CCC8771F2416} [http://www.tapuz.co.il/irc/main/launcher.cab]
{F59AB0C4-3443-4551-A78F-C101F9DE0215} [http://irc.tapuz.co.il/BlogTVU-new/launcher.cab]
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} [http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab]
**** Windows Services ****
[Adobe LM Service] "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[Apple Mobile Device] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aswUpdSv] "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[avast! Antivirus] "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
[avast! Mail Scanner] "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner] "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
[bgsvcgen] C:\WINXP\system32\bgsvcgen.exe
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Bonjour Service] "C:\Program Files\Bonjour\mDNSResponder.exe"
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINXP\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINXP\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[Dot3svc] %SystemRoot%\System32\svchost.exe -k dot3svc
[EapHost] %SystemRoot%\System32\svchost.exe -k eapsvcs
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINXP\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[ImapiService] C:\WINXP\System32\imapi.exe
[iPod Service] "C:\Program Files\iPod\bin\iPodService.exe"
[Iprip] %SystemRoot%\System32\svchost.exe -k netsvcs
[JavaQuickStarterService] "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[LPDSVC] %SystemRoot%\System32\tcpsvcs.exe
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINXP\System32\mnmsrvc.exe
[MSDTC] C:\WINXP\System32\msdtc.exe
[MSIServer] C:\WINXP\System32\msiexec.exe /V
[napagent] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINXP\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SimpTcp] %SystemRoot%\System32\tcpsvcs.exe
[SNMP] %SystemRoot%\System32\snmp.exe
[SNMPTRAP] %SystemRoot%\System32\snmptrap.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINXP\System32\dllhost.exe /Processid:{1D40C469-8ACF-42C5-85FF-B1660FD2B64D}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[usnjsvc] "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[WinDefend] "C:\Program Files\Windows Defender\MsMpEng.exe"
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WLSetupSvc] "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINXP\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINXP\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.sinfest.net/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use FormSuggest] yes
IEOPT: [Save Directory] C:\Documents and Settings\דורון\שולחן העבודה\John K\
IEOPT: [FormSuggest PW Ask] no
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Search Bar] about:blank
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Check_Associations] No
IEOPT: [FormSuggest Passwords] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [UseThemes]
IEOPT: [FavIntelliMenus] no
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [SmoothScroll]
IEOPT: [Force Offscreen Composition]
IEOPT: [NscSingleExpand]
IEOPT: [AllowWindowReuse]
IEOPT: [Print_Background] no
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Move System Caret] no
IEOPT: [Expand Alt Text] no
IEOPT: [LastCheckedHi] HF
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [AutoSearch]
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar] about:blank
MBAM didn't find enything. Here is the report:
Malwarebytes' Anti-Malware 1.41
Database version: 3038
Windows 5.1.2600 Service Pack 3
27/10/2009 11:32:29
mbam-log-2009-10-27 (11-32-28).txt
Scan type: Quick Scan
Objects scanned: 153577
Time elapsed: 12 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
A new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:46, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\SOUNDMAN.EXE
C:\WINXP\system32\atwtusb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\snmp.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\cidaemon.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINXP\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sinfest.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inter.net.il:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: IsraBlog &OneLiner - C:\Program Files\IsraBlog OneLiner\ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ordernet.co.il
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU-new/launcher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINXP\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
--
End of file - 9047 bytes
Thnx,
Grassman22
Hello,
Did you set this proxy ?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inter.net.il:8080
Do you want this site in your Internet Explorer Trusted Zone ?
O15 - Trusted Zone: *.ordernet.co.il
Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking[/b]
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com (http://www.techsupportforum.com/sectools/sUBs/dds)
DDS.scr (http://download.bleepingcomputer.com/sUBs/dds.scr)
DDS.pif (http://www.forospyware.com/sUBs/dds)
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)
Post a new HJT log and the DDS report and let me know if your still having problems? As far as windows installer, that may be a windows problem and I can direct you to a windows support forum that can help you sort that out.
grassman22
2009-10-27, 14:59
Hi,
Answers to your questions:
About the proxy, I think its got to do with the internet server for the surfing/email account provider, so I rather not touch it.
About "ordernet" - I set it, it's ok.
Here are the logs:
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:53, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\atwtusb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\snmp.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\cidaemon.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sinfest.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inter.net.il:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: IsraBlog &OneLiner - C:\Program Files\IsraBlog OneLiner\ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ordernet.co.il
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU-new/launcher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINXP\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
--
End of file - 8554 bytes
DDS report:
DDS (Ver_09-10-26.01) - NTFSx86
Run by at 14:39:50.56 on Tue 10/27/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1255.972.1037.18.255.9 [GMT 2:00]
AV: avast! antivirus 4.8.1351 [VPS 091026-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\atwtusb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\WINXP\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\System32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\snmp.exe
C:\WINXP\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\cidaemon.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\דורון\שולחן העבודה\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sinfest.net/
uInternet Settings,ProxyServer = proxy.inter.net.il:8080
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: עוזר הכניסה של Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\winxp\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NeroCheck] c:\winxp\system32\\NeroCheck.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winxp\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winxp\system32\NvMcTray.dll,NvTaskbarInit
mRun: [atwtusb] atwtusb.exe beta
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\winxp\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1.win\94ae~1\d9f0~1\76ef~1\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1.win\94ae~1\d9f0~1\76ef~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: IsraBlog &OneLiner - c:\program files\israblog oneliner\ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ordernet.co.il
DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} - hxxp://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://tango.huji.ac.il/sre/ICSScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38131.4541087963
DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} - hxxp://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} - hxxp://www.tapuz.co.il/irc/main/launcher.cab
DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} - hxxp://irc.tapuz.co.il/BlogTVU-new/launcher.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - c:\program files\yamaha\midradio player\MidRadio.ocx
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\winxp\system32\drivers\aswSP.sys [2008-4-18 114768]
R2 aswFsBlk;aswFsBlk;c:\winxp\system32\drivers\aswFsBlk.sys [2008-4-18 20560]
=============== Created Last 30 ================
2120-08-26 11:35:18 0 d-----w- c:\program files\Chami
2120-08-26 10:22:08 0 d-----w- c:\program files\Arachnophilia
2120-08-24 18:02:38 4610 ----a-w- c:\winxp\mozver.dat
2120-08-24 17:21:09 93184 -c--a-w- c:\winxp\system32\dllcache\ieinfo5.ocx
2120-08-24 13:57:56 9522 ----a-w- c:\winxp\Zapotec.bmp
2120-08-24 13:48:44 35328 ----a-w- c:\winxp\system32\iprip.dll
2120-08-24 13:48:44 22528 ----a-w- c:\winxp\system32\lpdsvc.dll
2120-08-24 13:48:44 18944 -c--a-w- c:\winxp\system32\dllcache\simptcp.dll
2120-08-24 13:48:44 18944 ----a-w- c:\winxp\system32\simptcp.dll
2120-08-24 13:48:44 18944 ----a-w- c:\winxp\system32\lprmon.dll
2120-08-24 10:15:09 691712 ------w- c:\winxp\system32\inetcomm.dll
2120-08-24 10:15:09 51712 ----a-w- c:\winxp\system32\msident.dll
2120-08-24 10:15:09 252928 ----a-w- c:\winxp\system32\msoeacct.dll
2120-08-24 10:15:09 105984 ----a-w- c:\winxp\system32\msoert2.dll
2120-08-24 10:15:08 45568 ----a-w- c:\winxp\system32\inetres.dll
2120-08-24 10:08:00 33792 ----a-w- c:\winxp\ieuninst.exe
2120-08-24 10:07:57 663552 ----a-w- c:\winxp\system32\wininet.dll
2120-08-24 09:44:35 711168 ----a-w- c:\winxp\system32\sxs.dll
2120-08-24 09:44:34 87552 ----a-w- c:\winxp\system32\fldrclnr.dll
2120-08-24 09:44:17 57344 ----a-w- c:\winxp\system32\dpwsockx.dll
2120-08-24 09:44:17 229888 ----a-w- c:\winxp\system32\dplayx.dll
2120-08-24 08:16:33 535 ----a-w- c:\winxp\IEPatchUninstall.BAK
2120-08-24 08:10:17 0 d-----w- c:\winxp\קבצי התקנה של Windows Update
2120-08-21 10:23:25 138240 ----a-w- c:\winxp\system32\itss.dll
2120-08-21 10:23:23 5714944 ----a-w- c:\winxp\system32\xpsp2res.dll
2120-08-21 10:23:23 272384 ----a-w- c:\winxp\system32\mstask.dll
2120-08-21 10:23:23 190976 ----a-w- c:\winxp\system32\schedsvc.dll
2120-08-21 10:23:23 12288 ----a-w- c:\winxp\system32\mstinit.exe
2120-08-21 08:59:33 0 d-----w- c:\winxp\system32\bits
2009-10-27 09:13:14 0 d-----w- c:\docume~1\f1cc~1\applic~1\Malwarebytes
2009-10-27 09:12:47 38224 ----a-w- c:\winxp\system32\drivers\mbamswissarmy.sys
2009-10-27 09:12:43 19160 ----a-w- c:\winxp\system32\drivers\mbam.sys
2009-10-27 09:12:43 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-10-27 09:12:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:16:19 54156 ---ha-w- c:\winxp\QTFont.qfn
2009-10-22 20:16:19 1409 ----a-w- c:\winxp\QTFont.for
2009-10-18 19:17:56 0 d-----w- c:\program files\Trend Micro
2009-10-18 15:08:19 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-10-18 15:08:16 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-10-18 15:08:13 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-10-18 15:08:09 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-10-03 17:35:36 0 d-----w- c:\documents and settings\דורון\.freemind
2009-10-03 17:35:09 0 d-----w- c:\program files\FreeMind
2009-10-03 09:11:12 195440 ------w- c:\winxp\system32\MpSigStub.exe
==================== Find3M ====================
2009-10-27 08:38:22 10223616 ---ha-w- c:\documents and settings\דורון\NTUSER.DAT
2009-09-27 07:28:36 39976 ----a-w- c:\winxp\system32\perfc00d.dat
2009-09-27 07:28:36 247754 ----a-w- c:\winxp\system32\perfh00d.dat
2009-09-25 05:35:51 81920 ------w- c:\winxp\system32\ieencode.dll
2009-09-11 14:18:30 136192 ----a-w- c:\winxp\system32\msv1_0.dll
2009-09-04 21:04:40 58880 ----a-w- c:\winxp\system32\msasn1.dll
2009-08-26 08:01:20 247326 ----a-w- c:\winxp\system32\strmdll.dll
2009-08-20 13:09:06 1193832 ----a-w- c:\winxp\system32\FM20.DLL
2009-08-05 09:00:41 203776 ----a-w- c:\winxp\system32\mswebdvd.dll
2009-08-04 17:27:53 2146816 ----a-w- c:\winxp\system32\ntoskrnl.exe
2009-08-04 17:27:48 2025472 ----a-w- c:\winxp\system32\ntkrnlpa.exe
2006-11-21 15:27:10 12099848 ----a-w- c:\program files\setupeng.exe
2004-01-02 14:52:14 872 ----a-w- c:\program files\INSTALL.LOG
============= FINISH: 14:41:18.31 ===============
Would you like tha "Attach" file as well?
About the problems: my computer still runs slow. Takes me a couple of menutes just to open SB, for example. I also get a message about low virtual memory on every startup.
About windows installer, I don't see it enymore but if u know a relevant forum I would like to hear about it.
Thnx,
Grassman22
I think I am looking at iSearch which needs to be removed
Follow the instructions I posted and run Malwarebytes
grassman22
2009-10-27, 20:32
Hi,
It didn't find enything. Here is the log:
Malwarebytes' Anti-Malware 1.41
Database version: 3038
Windows 5.1.2600 Service Pack 3
27/10/2009 20:30:27
mbam-log-2009-10-27 (20-30-27).txt
Scan type: Quick Scan
Objects scanned: 153719
Time elapsed: 14 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thnx,
Grassman22
What I would like you to do is run this free online virus scanner. Post the results and a new HJT log please.
Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
grassman22
2009-10-28, 02:45
Hi,
Here is the ESET log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# Crazy Browser.exe=1.0.5.0
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9a16d53a151c164287ef5c5ee6e5cb31
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-28 12:40:37
# local_time=2009-10-28 02:40:37 )
# country="Israel"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 790934 790934 0 0
# compatibility_mode=769 16775125 100 98 8734 192969164 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3885 3885 0 0
# scanned=381918
# found=7
# cleaned=7
# scan_time=9639
C:\Documents and Settings\דורון\Local Settings\Temp\131078144\Loader.exe Win32/Agent.NPD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\דורון\Local Settings\Temp\131078144\PlayMedia.exe Win32/Agent.NPD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\דורון\Local Settings\Temp\Cartoon Television Program Pro v1.8\Cracker\keygen.exe probably a variant of Win32/Obfuscated trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\דורון\My Documents\ctp\keygen\keygen.exe probably a variant of Win32/Obfuscated trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Cartoon Television Program Pro v1.8\Cracker\keygen.exe probably a variant of Win32/Obfuscated trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\Altnet\adm.exe Win32/Adware.Altnet application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\Altnet\admdata.dll Win32/Adware.Altnet application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
And here is a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:44:49, on 28/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\atwtusb.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINXP\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINXP\System32\cisvc.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\snmp.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\WINXP\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sinfest.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.inter.net.il:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINXP\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: IsraBlog &OneLiner - C:\Program Files\IsraBlog OneLiner\ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.ordernet.co.il
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://tango.huji.ac.il/sre/ICSScanner.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-eclub.com/php/adweb.php3?aid=143&arg=win%2Fmrinste.cab&ptx=mratdl
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.tapuz.co.il/BlogTVU-new/launcher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINXP\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
--
End of file - 8742 bytes
Thnx,
Grassman22
Hi,
C:\Program Files\Cartoon Television Program Pro v1.8\Cracker\keygen.exe <--Your downloading illegal cracked/keygen software, besides it being illegal its also the fastest way of picking up infections. This forum does not condone the use of illegal software, if I was to continue to help you it could be construed in the eyes of the law as aiding and abetting a crime.