Hi kindly help.. Virus help - Free Antivirus Forum

Hi kindly help.. Virus help

BullGuard Antivirus Forum > Virus Removal > Removal Tools > Hi kindly help.. Virus help

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Gokul
New Member

Date Joined Dec 2007
Total Posts : 14

Posted 12-14-2007 11:44 (GMT +1)

hi,
My comp reports lots of malware and everything. i have posted all the logs.. except the avg log.. which dint ask me for a report.

the rest i have attached.. pls help

All logs attached.. pls help.. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:39 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\YPOPs\ypops.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Goks\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [DSLAGENTEXE] "dslagent.exe" USB
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~2\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~2\save.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.samsung.com/plugin/vmpinstaller/installer/components/MTSInstallers/MetaStream3.cab?url=http://www.samsungblackjack.com/3d/SGH-i607/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Goks/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 10069 bytes
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 07-12-12.3 - Goks 2007-12-13 18:01:20.1 - NTFSx86
Running from: C:\Documents and Settings\Goks\Desktop\New Folder\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip

.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-13 18:09 . 2007-12-13 18:09 31,534 --a------ C:\WINDOWS\system32\avpo0.dll.vir
2007-12-13 18:08 . 2007-12-13 18:08 44,083 --a------ C:\WINDOWS\system32\amvo1.dll.vir
2007-12-13 18:08 . 2007-12-13 18:08 44,083 --a------ C:\WINDOWS\system32\amvo0.dll.vir
2007-12-13 14:12 . 2007-12-13 14:12 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\Grisoft
2007-12-13 14:11 . 2007-12-13 14:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-13 14:11 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-11 15:00 . 2007-12-11 15:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-12-11 14:59 . 2007-12-13 15:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-11 14:59 . 2007-12-11 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-12-11 14:59 . 2007-12-13 15:11 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\SUPERAntiSpyware.com
2007-12-10 11:22 . 2007-12-10 11:22 121,429 ---hs---- C:\nideiect.com
2007-12-10 11:22 . 2007-12-10 11:22 44,083 ---hs---- C:\WINDOWS\system32\amvo1.dll
2007-12-10 11:22 . 2007-12-13 18:09 260 -r-hs---- C:\autorun.inf
2007-12-10 11:21 . 2007-12-10 11:22 121,429 ---hs---- C:\WINDOWS\system32\amvo.exe
2007-12-10 11:21 . 2007-12-13 09:40 44,083 ---hs---- C:\WINDOWS\system32\amvo0.dll
2007-12-10 11:21 . 2007-12-10 11:21 31,534 --a------ C:\WINDOWS\system32\avpo0.dll
2007-12-03 20:37 . 2007-12-12 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 20:37 . 2007-12-03 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 20:16 . 2007-12-03 20:35 <DIR> d-------- C:\Program Files\QuickTime
2007-12-03 19:52 . 2007-12-04 02:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-03 19:52 . 2007-12-03 19:52 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 13:23 . 2007-11-27 13:23 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2007-11-27 13:23 . 2007-11-27 13:23 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Program Files\Illustrate
2007-11-27 13:17 . 2007-11-27 13:17 <DIR> d-------- C:\Documents and Settings\Goks\Application Data\AccurateRip
2007-11-27 13:17 . 2007-11-27 13:16 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2007-11-27 13:17 . 2007-11-27 13:17 13,015 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-11-17 11:47 . 2007-11-17 11:47 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-17 11:41 . 2006-08-21 14:44 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-17 11:41 . 2006-08-21 14:44 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-17 11:41 . 2006-08-21 17:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-17 11:37 . 2007-11-17 11:37 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 08:02 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-17 08:02 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-17 08:02 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-16 12:42 . 2007-11-16 12:42 <DIR> d-------- C:\Program Files\Windows Live
2007-11-16 12:42 . 2007-11-17 12:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-11-16 12:11 . 2007-08-20 15:34 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-16 12:11 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-16 12:11 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-16 12:11 . 2007-08-20 15:34 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-16 12:11 . 2007-08-20 15:34 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-16 12:11 . 2007-08-20 15:34 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-16 12:11 . 2007-08-20 15:34 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-16 12:11 . 2007-08-20 15:34 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-16 12:11 . 2007-08-17 15:50 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-16 11:59 . 2007-11-16 11:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-11-16 11:00 . 2007-07-09 18:46 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-16 10:18 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-16 10:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-16 10:18 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-16 10:18 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 12:39 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-12-13 09:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-13 04:10 --------- d-----w C:\Program Files\YPOPs
2007-12-13 04:08 --------- d-----w C:\Program Files\FlashGet
2007-12-12 10:02 3,982 ---ha-w C:\WINDOWSkj01d.sys
2007-12-11 09:37 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-11 07:06 --------- d-----w C:\Documents and Settings\Goks\Application Data\U3
2007-12-03 15:06 --------- d-----w C:\Program Files\iPod
2007-12-03 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-02 08:27 --------- d-----w C:\Documents and Settings\Goks\Application Data\MegauploadToolbar
2007-12-01 08:17 --------- d-----w C:\Program Files\Yahoo!
2007-12-01 08:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-11-27 07:52 1,071,480 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-27 04:11 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-25 06:32 --------- d-----w C:\Program Files\Picasa2
2007-11-21 08:38 --------- d-----w C:\Documents and Settings\Goks\Application Data\dvdcss
2007-11-19 07:19 159 ----a-w C:\Program Files\INSTALL.LOG
2007-11-17 06:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2007-11-16 06:29 --------- d-----w C:\Documents and Settings\Goks\Application Data\Yahoo!
2007-11-15 13:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-30 18:39 --------- d-----w C:\Program Files\Anton Tomov
2007-10-29 05:21 --------- d-----w C:\Program Files\ThemeMakerMcDeb
2007-10-29 04:41 --------- d-----w C:\Program Files\Google
2006-04-08 05:43 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-02 15:19 C:\WINDOWS\system32\nview.dll]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]
"amva"="C:\WINDOWS\system32\amvo.exe" [2007-12-10 11:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLAGENTEXE"="dslagent.exe" [2002-05-02 11:15 C:\WINDOWS\system32\dslagent.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-17 17:07]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-04-10 18:10]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-29 10:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 02:48]

C:\Documents and Settings\Goks\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
YPOPs.lnk - C:\Program Files\YPOPs\ypops.exe [2007-12-10 10:29:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Q-type2.2.lnk]
backup=C:\WINDOWS\pss\Q-type2.2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^1-Calc.lnk]
backup=C:\WINDOWS\pss\1-Calc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Goks^Start Menu^Programs^Startup^YPOPs.lnk]
backup=C:\WINDOWS\pss\YPOPs.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2006-03-22 14:01 851968 --a------ C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTCertManger]
2006-01-25 15:03 98304 --a------ C:\WINDOWS\system32\eTCrtMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSICONEXE]
GSICON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:39 1289000 --a------ C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NaviSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoonR]
C:\Program Files\SoonR\SoonR Desktop Client\SoonrClient.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-08-19 17:23 32873 --a------ C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super Audio Grabber 3.0]
C:\Program Files\Ailansoft\Super Audio Grabber 3.0\SAGrab.exe/a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a22c906-a54a-11dc-af0d-000779300101}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c2d47b4-7512-11da-a28b-000779300101}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
\Shell\é_†™\command - J:\NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7caf5076-9f76-11dc-aefd-000779300101}]
\Shell\AutoRun\command - J:\nideiect.com
\Shell\explore\Command - J:\nideiect.com
\Shell\open\Command - J:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f693-83dd-11d8-82f1-806d6172696f}]
\Shell\AutoRun\command - C:\nideiect.com
\Shell\explore\Command - C:\nideiect.com
\Shell\open\Command - C:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f694-83dd-11d8-82f1-806d6172696f}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f695-83dd-11d8-82f1-806d6172696f}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - nideiect.com
\Shell\open\Command - nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f696-83dd-11d8-82f1-806d6172696f}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - nideiect.com
\Shell\open\Command - nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a26f697-83dd-11d8-82f1-806d6172696f}]
\Shell\AutoRun\command - nideiect.com
\Shell\explore\Command - nideiect.com
\Shell\open\Command - nideiect.com

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 18:10:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-13 18:13:19
.
2007-11-17 06:24:12 --- E O F ---
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
Thu 12/13/2007 17:54:31.71

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 17:54:35
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d18011687]
"0017e3b52706"=hex:bb,dc,31,67,31,7f,b8,bf,a1,bb,1f,3a,c9,62,fc,be
"00194f42a6fa"=hex:ae,2d,2b,fc,5b,a8,ba,99,09,0c,ba,e9,54,aa,1c,b6
"001c624fcfbe"=hex:cb,e6,de,6f,ee,10,e2,74,65,8a,2e,28,07,ed,9a,e9
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000d18011687]
"0017e3b52706"=hex:bb,dc,31,67,31,7f,b8,bf,a1,bb,1f,3a,c9,62,fc,be
"00194f42a6fa"=hex:ae,2d,2b,fc,5b,a8,ba,99,09,0c,ba,e9,54,aa,1c,b6
"001c624fcfbe"=hex:cb,e6,de,6f,ee,10,e2,74,65,8a,2e,28,07,ed,9a,e9

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 12-14-2007 12:31 (GMT +1)

No need to make all the new topics, it will speed things up if you stick to this thread, where I´m waiting for reply:

http://www.bullguard.com/forum/9/Hi-kindly-help-Virus-help_57439.html

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Gokul
New Member

Date Joined Dec 2007
Total Posts : 14

Posted 12-15-2007 7:53 (GMT +1)

No need to make all the new topics, it will speed things up if you stick to this thread, where I´m waiting for reply:
http://www.bullguard.com/forum/9/Hi-kindly-help-Virus-help_57439.html

hey man the other thread is locked.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 12-16-2007 7:20 (GMT +1)

Sorry

It is opened again

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Saturday, November 21, 2009 1:42 PM (GMT +1)
There are a total of 73.031 posts in 17.116 threads.
In the last 3 days there were 14 new threads and 69 reply posts. View Active Threads