Spybot won't run

I tried both jotti and virustotal but they both said

'c:\windows\system32\DRIVERS\TMPassthru.sys file not found'
 
Hi Appro

OK, the file does not exist.

1 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log

Thanks peku006
 
mbam:



Malwarebytes' Anti-Malware 1.44
Database version: 3631
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/25/2010 11:51:42 PM
mbam-log-2010-01-25 (23-51-42).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|I:\|)
Objects scanned: 795964
Time elapsed: 4 hour(s), 25 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\KORG\KORG Legacy\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035723.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035782.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035785.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035787.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035788.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035790.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035791.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035793.EXE (Malware.Packer.Morphine) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035882.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0035998.sys (Malware.Trace) -> Not selected for removal.
D:\Downloads\Rob.Papen.LinPlug.Albino.VSTi.v3.0.2.incl.KeyGen-BEAT\Albino3Installer302.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\Projects\samp\Ueberschall.Minimal.House.VSTi.RTAS.AU.HYBRID.DVDR-DYNAMiCS\NGEN_KeyGen-Ueberschall_Liquid Instruments-Elastik.exe (Worm.Brontok) -> Quarantined and deleted successfully.
D:\Projects\Sony Acid Pro 5.0 + Key\kgsonyall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0036226.exe (Worm.Brontok) -> Quarantined and deleted successfully.
E:\Projects\Plug-ins\New\Rob.Papen.LinPlug.Albino.VSTi.v3.0.2.incl.KeyGen-BEAT\Albino3Installer302.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Projects\Projects 2006-2008\samp\Ueberschall.Minimal.House.VSTi.RTAS.AU.HYBRID.DVDR-DYNAMiCS\NGEN_KeyGen-Ueberschall_Liquid Instruments-Elastik.exe (Worm.Brontok) -> Quarantined and deleted successfully.
E:\Projects\Projects 2006-2008\Sony Acid Pro 5.0 + Key\kgsonyall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{816A2130-6251-498B-8B5D-6555FA444A3D}\RP262\A0036227.exe (Worm.Brontok) -> Quarantined and deleted successfully.
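The MBAM log above follows a fixed layout: header lines, per-section summary counts, then one line per detection ending in the action taken. The parser below, an added example rather than anything from the thread or from Malwarebytes, reads that layout, checks that the summary counts match the detail lines, and separates what was quarantined from what was left in System Restore points (the items the helper said would be dealt with later). The embedded log is a constructed sample in the same format, with a placeholder restore-point GUID.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the format of an MBAM 1.44 log; the GUID is a placeholder.
SAMPLE_LOG = "\n".join([
    r"Malwarebytes' Anti-Malware 1.44",
    r"Database version: 3631",
    r"Windows 5.1.2600 Service Pack 2",
    r"",
    r"Scan type: Full Scan (A:\|C:\|D:\|)",
    r"Objects scanned: 795964",
    r"Time elapsed: 4 hour(s), 25 minute(s), 43 second(s)",
    r"",
    r"Registry Keys Infected: 0",
    r"Files Infected: 4",
    r"",
    r"Registry Keys Infected:",
    r"(No malicious items detected)",
    r"",
    r"Files Infected:",
    r"C:\Program Files\KORG\KORG Legacy\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.",
    r"C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP262\A0035723.sys (Malware.Trace) -> Not selected for removal.",
    r"D:\Downloads\Some.Installer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.",
    r"D:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP262\A0036226.exe (Worm.Brontok) -> Quarantined and deleted successfully.",
])

# "<name> Infected:" opens a detail section; "<name> Infected: <n>" is a summary count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
COUNT_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<n>\d+)$")
META_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<value>.+)$")
# Greedy path, then the last "(family) -> action" group on the line; trailing period dropped.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\", re.IGNORECASE)


@dataclass
class Detection:
    section: str
    path: str
    family: str
    action: str

    @property
    def removed(self) -> bool:
        return self.action.startswith("Quarantined")

    @property
    def in_restore_point(self) -> bool:
        return bool(RESTORE_POINT_RE.search(self.path))


@dataclass
class Report:
    meta: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text: str) -> Report:
    report = Report()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := COUNT_RE.match(line):
            report.counts[m["name"]] = int(m["n"])
        elif m := SECTION_RE.match(line):
            section = m["name"]
        elif m := META_RE.match(line):
            report.meta[m["key"]] = m["value"]
        elif section and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(section, m["path"], m["family"], m["action"]))
    return report


def counts_consistent(report: Report) -> bool:
    """Summary counters must equal the number of detail lines per section."""
    per_section = Counter(d.section for d in report.detections)
    return all(per_section.get(name, 0) == n for name, n in report.counts.items())


def summarize(report: Report) -> dict:
    """Split detections into what was removed and what still needs attention."""
    removed = [d for d in report.detections if d.removed]
    pending = [d for d in report.detections if not d.removed]
    return {
        "removed": len(removed),
        "pending": len(pending),
        # Copies left in restore points are cleared by flushing System Restore.
        "pending_restore_point": sum(d.in_restore_point for d in pending),
        "families": Counter(d.family for d in report.detections),
    }
```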
 
Hi Appro

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Thanks peku006
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\chris\start menu\programs\waves\documents\x-crackle help.lnk
c:\downloads\other software\winamp pro v5.541.2189+keygen[h33t]masteruploader\winamp pro v5.541.2189+keygen[h33t]masteruploader.rar
c:\downloads\pro audio plug-ins\camel audio camelspace vst v1.42 incl keygen-air\a-csp142.rar
c:\downloads\pro audio plug-ins\camel audio camelspace vst v1.42 incl keygen-air\a-csp142.zip
c:\downloads\pro audio plug-ins\camel audio camelspace vst v1.42 incl keygen-air\air.nfo
c:\downloads\pro audio plug-ins\d16.group.toraverb.vst.v1.0.1.incl.keygen.working-air\d16.group.toraverb.vst.v1.0.1.incl.keygen.working-air.rar
c:\downloads\pro audio plug-ins\gforce.the.oddity.vsti.rtas.v1.15.incl.keygen-air\gforce.the.oddity.vsti.rtas.v1.15.incl.keygen-air.rar
c:\downloads\pro audio plug-ins\ik.multimedia.amplitube.jimi.hendrix.v1.0.3.vst.rtas.incl.keygen-dynamics\ik.multimedia.amplitube.jimi.hendrix.v1.0.3.vst.rtas.incl.keygen-dynamics.rar
c:\downloads\pro audio plug-ins\ik.multimedia.amplitube.jimi.hendrix.v1.0.3.vst.rtas.incl.keygen-dynamics\keygen.rar
c:\downloads\pro audio plug-ins\ik.multimedia.amplitube.v2.1.4.vst.rtas.incl.keygen-dynamics\ik.multimedia.amplitube.v2.1.4.vst.rtas.incl.keygen-dynamics.rar
c:\downloads\pro audio plug-ins\novation.bass-station.vsti.v1.5.1.incl.keygen-air\a-nbs150.rar
c:\downloads\pro audio plug-ins\novation.bass-station.vsti.v1.5.1.incl.keygen-air\a-nbs151.zip
c:\downloads\pro audio plug-ins\novation.bass-station.vsti.v1.5.1.incl.keygen-air\air.nfo
c:\downloads\pro audio plug-ins\ohmforce.mobilohm.pro.vst.rtas.v1.21.incl.keygen-air\ohmforce.mobilohm.pro.vst.rtas.v1.21.incl.keygen-air.rar
c:\downloads\pro audio plug-ins\ohmforce.quadfrohmage.pro.vst.rtas.v1.31.incl.keygen-air\ohmforce.quadfrohmage.pro.vst.rtas.v1.31.incl.keygen-air.rar
c:\downloads\pro audio plug-ins\psp.audioware.oldtimer.v1.1.6.vst.rtas.incl.keygen-dynamics\psp.audioware.oldtimer.v1.1.6.vst.rtas.incl.keygen-dynamics.rar
c:\downloads\pro audio plug-ins\psp.audioware.vintage.warmer.vst.rtas.v2.1.4.incl.keygen-air\psp.audioware.vintage.warmer.vst.rtas.v2.1.4.incl.keygen-air.rar
c:\downloads\pro audio plug-ins\trilogy keygen\a-trlkg.rar
c:\downloads\pro audio plug-ins\trilogy keygen\arctic.nfo
c:\downloads\pro audio plug-ins\trilogy keygen\file_id.diz
c:\downloads\pro audio plug-ins\trilogy keygen\nia.nfo
c:\downloads\pro audio plug-ins\trilogy keygen\tnl.nfo
c:\downloads\pro audio plug-ins\voxengo.transgainer.vst.v1.0.x32.x64.incl.keygen-air\voxengo.transgainer.vst.v1.0.x32.x64.incl.keygen-air.rar
c:\program files\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files\flashget\torrent\camel audio camelspace vst v1.42 incl keygen-air.torrent.bits
c:\program files\flashget\torrent\camel audio camelspace vst v1.42 incl keygen-air.torrent.filelist
c:\program files\flashget\torrent\camel audio camelspace vst v1.42 incl keygen-air.torrent.seeds
c:\program files\flashget\torrent\d16 drumazon vsti v1.0.3 incl keygen-air.torrent.bits
c:\program files\flashget\torrent\d16 drumazon vsti v1.0.3 incl keygen-air.torrent.filelist
c:\program files\flashget\torrent\d16 drumazon vsti v1.0.3 incl keygen-air.torrent.seeds
c:\program files\flashget\torrent\d16.group.toraverb.vst.v1.0.1.incl.keygen.working-air.torrent.bits
c:\program files\flashget\torrent\d16.group.toraverb.vst.v1.0.1.incl.keygen.working-air.torrent.filelist
c:\program files\flashget\torrent\d16.group.toraverb.vst.v1.0.1.incl.keygen.working-air.torrent.seeds
c:\program files\flashget\torrent\d16.nepheton.vsti.v1.0.5.incl.keygen-air.torrent.bits
c:\program files\flashget\torrent\d16.nepheton.vsti.v1.0.5.incl.keygen-air.torrent.filelist
c:\program files\flashget\torrent\eiosis - e²transiente vst including crack.torrent.bits
c:\program files\flashget\torrent\eiosis - e²transiente vst including crack.torrent.filelist
c:\program files\flashget\torrent\gforce.the.oddity.vsti.rtas.v1.15.incl.keygen-air.torrent.bits
c:\program files\flashget\torrent\gforce.the.oddity.vsti.rtas.v1.15.incl.keygen-air.torrent.filelist
c:\program files\flashget\torrent\gforce.the.oddity.vsti.rtas.v1.15.incl.keygen-air.torrent.seeds
c:\program files\flashget\torrent\ik.multimedia.amplitube.jimi.hendrix.v1.0.3.vst.rtas.incl.keygen-dynamics.torrent.bits
c:\program files\flashget\torrent\ik.multimedia.amplitube.jimi.hendrix.v1.0.3.vst.rtas.incl.keygen-dynamics.torrent.filelist
c:\program files\flashget\torrent\ik.multimedia.amplitube.jimi.hendrix.v1.0.3.vst.rtas.incl.keygen-dynamics.torrent.seeds
c:\program files\flashget\torrent\ik.multimedia.amplitube.v2.1.4.vst.rtas.incl.keygen-dynamics.torrent.bits
c:\program files\flashget\torrent\ik.multimedia.amplitube.v2.1.4.vst.rtas.incl.keygen-dynamics.torrent.filelist
c:\program files\flashget\torrent\ik.multimedia.amplitube.v2.1.4.vst.rtas.incl.keygen-dynamics.torrent.seeds
c:\program files\flashget\torrent\ik.multimedia.sampletank.v2.5.2.vsti.dxi.rtas.incl.keygen-amplify.torrent.bits
c:\program files\flashget\torrent\ik.multimedia.sampletank.v2.5.2.vsti.dxi.rtas.incl.keygen-amplify.torrent.filelist
c:\program files\flashget\torrent\ik.multimedia.sampletank.v2.5.2.vsti.dxi.rtas.incl.keygen-amplify.torrent.seeds
c:\program files\flashget\torrent\ohmforce.mobilohm.pro.vst.rtas.v1.21.incl.keygen-air.torrent.bits
c:\program files\flashget\torrent\ohmforce.mobilohm.pro.vst.rtas.v1.21.incl.keygen-air.torrent.filelist
c:\program files\flashget\torrent\ohmforce.mobilohm.pro.vst.rtas.v1.21.incl.keygen-air.torrent.seeds
c:\program files\flashget\torrent\ohmforce.quadfrohmage.pro.vst.rtas.v1.31.incl.keygen-air.torrent.bits
c:\program files\flashget\torrent\ohmforce.quadfrohmage.pro.vst.rtas.v1.31.incl.keygen-air.torrent.filelist
c:\program files\flashget\torrent\ohmforce.quadfrohmage.pro.vst.rtas.v1.31.incl.keygen-air.torrent.seeds
c:\program files\flashget\torrent\psp.audioware.oldtimer.v1.1.6.vst.rtas.incl.keygen-dynamics.torrent.bits
c:\program files\flashget\torrent\psp.audioware.oldtimer.v1.1.6.vst.rtas.incl.keygen-dynamics.torrent.filelist
c:\program files\flashget\torrent\psp.audioware.oldtimer.v1.1.6.vst.rtas.incl.keygen-dynamics.torrent.seeds
c:\program files\flashget\torrent\psp.audioware.vintage.warmer.vst.rtas.v2.1.4.incl.keygen-air.torrent.bits
c:\program files\flashget\torrent\psp.audioware.vintage.warmer.vst.rtas.v2.1.4.incl.keygen-air.torrent.filelist
c:\program files\flashget\torrent\spectrasonics_trilogy_keygen_sharedby_bsurf.zip.torrent.bits
c:\program files\flashget\torrent\spectrasonics_trilogy_keygen_sharedby_bsurf.zip.torrent.filelist
c:\program files\flashget\torrent\voxengo.transgainer.vst.v1.0.x32.x64.incl.keygen-air.torrent.bits
c:\program files\flashget\torrent\voxengo.transgainer.vst.v1.0.x32.x64.incl.keygen-air.torrent.filelist
c:\program files\flashget\torrent\voxengo.transgainer.vst.v1.0.x32.x64.incl.keygen-air.torrent.seeds
c:\program files\steinberg\vstplugins\voxengo harmonieq vst\harmonieq factory presets\snare crack.fxp
c:\program files\waves\plug-ins\xcrackle.dll
c:\program files\waves\plug-ins\documents\xcrackle.pdf
c:\program files\waves\plug-ins\plug-in settings\x-crackle settings.xps
scanner sequence 3.ZZ.11
----- EOF -----
 
Hi Appro

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime. Aside from the legalities, be aware that malware authors prey on users looking to circumvent a software's protection mechanisms.

There is a high risk of infection involved in downloading and running crack codes (who wants Virut?), and the possibility of your computer being turned into a zombie machine. In other words, the computer won't be "yours" any longer.

Before we can continue, please remove all "illegal" programs.

Thanks peku006
 
Hi Appro

1 - Clean temp files

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on:
    EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on:
    EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
    EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on:
    EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Eset online scanner report
2. a fresh HijackThis log

Thanks peku006
 
ESET:


ESETSmartInstaller@High as downloader log:
all ok




HJT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:56 PM, on 2/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21183)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Phase28Panel] "C:\Program Files\TerraTec\PHASE 22 & 28 ControlPanel\Protecmixer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 8684 bytes
 
Hi Appro

all logs are ok........

How's the computer running now? Any problems?

Thanks peku006
 
Hi Appro

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete RootRepeal, TDSS Killer and CKScanner from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

MBAM can be uninstalled via Control Panel > Add/Remove Programs, but it may be a useful tool to keep: Malwarebytes' Anti-Malware Scanning Guide.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore - WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck Turn off System Restore.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

WinPatrol
Download it from here
You can find information about how WinPatrol works here

FireTrust SiteHound
You can find information and download it from here

MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy safe surfing! :bigthumb:

peku006
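The HOSTS mechanism described above cuts both ways: the same file that sinks ad sites to 127.0.0.1 can point a legitimate site at an outside address, which is why a hosts file is worth auditing after a cleanup. The script below is an added example, not from the thread or from MVPS; it parses a hosts file, lists the hostnames sunk to loopback or 0.0.0.0, and reports any non-sink mapping, duplicates and unparsable lines for review. The embedded file is constructed, and its hostnames are examples rather than entries from the real MVPS list.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: the default localhost lines, MVPS-style sink entries,
# a duplicate, one entry pointing a hostname at an outside address, and one
# malformed line. Hostnames are examples, not entries from the real MVPS list.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by MVPS HOSTS]
127.0.0.1  ads.example.net          # example ad server
0.0.0.0    tracker.example.org
127.0.0.1  ads.example.net
198.51.100.7   update.example-av.com
localhost.example  not-an-ip
"""


@dataclass
class HostsEntry:
    lineno: int
    address: str
    hostnames: list


def parse_hosts(text: str):
    """Return (entries, malformed_line_numbers); comments and blanks are skipped."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        fields = line.split()
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:
            malformed.append(lineno)
            continue
        entries.append(HostsEntry(lineno, address, [h.lower() for h in fields[1:]]))
    return entries, malformed


def is_sink(address: str) -> bool:
    """127.0.0.1 / ::1 (loopback) and 0.0.0.0 (unspecified) send the name nowhere."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str) -> dict:
    """Separate the expected ad-site sinks from anything that deserves a look.

    Any mapping to a routable address (other than the standard localhost
    lines) is reported as a redirect to review, along with duplicated
    hostnames and lines that could not be parsed.
    """
    entries, malformed = parse_hosts(text)
    blocked, redirects, seen = set(), [], {}
    for e in entries:
        for host in e.hostnames:
            seen.setdefault(host, []).append(e.lineno)
            if host == "localhost":
                continue
            if is_sink(e.address):
                blocked.add(host)
            else:
                redirects.append((host, e.address, e.lineno))
    duplicates = {h: lines for h, lines in seen.items()
                  if len(lines) > 1 and h != "localhost"}
    return {"blocked": blocked, "redirects": redirects,
            "duplicates": duplicates, "malformed": malformed}
```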
 
Thank you SO MUCH for your help Peku! I am truly amazed by your security skills and extremely grateful for all the time you spent helping me solve my problem.

You've saved me a great deal of work and important files which I could have lost had this problem not been fixed. I'm a music producer, have a listen to my work at http://soundcloud.com/rigez

Thanks, Regards
 
Hi Appro

Great music, but I think that I'll be too :grandpa: for that kind of :band:

peku006
 