infected

kingW3 (Thread Starter, joined Nov 16, 2010, 64 messages)
I got files on my hard drive where Windows is, and on another one:
s3ug 70 KB
s20g 70 KB
scg 70 KB
scg.1 1 KB
s20g.qm 0 KB
srk 70 KB
srk.qm 0 KB

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:19 PM, on 1/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...downloads.phpnuke.org/en/index.php?rvs=google
R3 - URLSearchHook: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {7C14512B-4088-384C-1732-5E3C3BEE2BC4} - C:\WINDOWS\system32\mqsecc.dll
O2 - BHO: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSABHO.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1289567336750
O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} (FileInterface Class) - https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6889 bytes
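The HijackThis log above lists every browser helper object (O2), toolbar (O3) and search hook in a fixed one-line format, and the DDS "Pseudo HJT Report" posted later in the thread repeats the same data in a slightly different layout. A first triage pass over such a log is mechanical: parse each entry, normalise the CLSID, and flag entries whose name or path matches a known adware family or that load from an unexpected location. The parser below is an added example written for this page, not code from the thread or from the HijackThis or DDS authors. The sample lines are copied from the two logs in this thread; the adware family list (the ShopperReports, ClickPotato, QuestBrwSearch, FunWebProducts and MyWebSearch components that ComboFix removes later in the thread, plus Conduit) and the "BHO directly in system32" heuristic are assumptions made for illustration, not vetted signatures.

```python
"""Parse browser-helper entries from HijackThis and DDS logs and flag ones worth a look.

Added example (not code from the thread or from the HijackThis/DDS authors).
Sample lines below are copied from the logs posted in this thread; the adware
family list and the system32 heuristic are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Add-on families that ComboFix removed later in this thread, plus Conduit
# (a widely documented toolbar/PUP family). Assumption: a substring list is
# adequate for a quick triage pass; it is not a vetted signature set.
ADWARE_FAMILIES = ("shopperreports", "clickpotato", "questbrwsearch",
                   "funwebproducts", "mywebsearch", "conduit")

# HijackThis format:  O2 - BHO: <name> - {<CLSID>} - <path>
#                     O3 - Toolbar: <name> - {<CLSID>} - <path>
HJT_RE = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - \{([0-9A-Fa-f-]{36})\} - (.+)$")
# DDS pseudo-HJT format:  BHO: <name>: {<clsid>} - <path>
#                         TB: <name>: {<clsid>} - <path>
DDS_RE = re.compile(r"^(BHO|TB): (.*?): \{([0-9A-Fa-f-]{36})\} - (.+)$")
# Heuristic (assumption): third-party add-ons normally install under Program
# Files; a BHO whose DLL sits directly in \WINDOWS\system32 deserves manual review.
SYSTEM32_RE = re.compile(r"\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str    # "BHO" or "Toolbar"
    name: str    # display name as shown in the log
    clsid: str   # normalised to lowercase so HJT and DDS lines compare equal
    path: str


def parse_entry(line):
    """Return an Entry for an O2/O3 (HJT) or BHO/TB (DDS) line, else None."""
    line = line.strip()
    m = HJT_RE.match(line)
    if m:
        kind = "BHO" if m.group(1) == "O2" else "Toolbar"
        return Entry(kind, m.group(2), m.group(3).lower(), m.group(4))
    m = DDS_RE.match(line)
    if m:
        kind = "BHO" if m.group(1) == "BHO" else "Toolbar"
        return Entry(kind, m.group(2), m.group(3).lower(), m.group(4))
    return None


def parse_log(lines):
    """All browser-helper entries found in an iterable of log lines."""
    return [e for e in map(parse_entry, lines) if e is not None]


def reasons_for(entry):
    """Triage reasons for one entry; an empty list means nothing stood out."""
    haystack = (entry.name + " " + entry.path).lower()
    reasons = [f"adware family: {fam}" for fam in ADWARE_FAMILIES if fam in haystack]
    if entry.kind == "BHO" and SYSTEM32_RE.search(entry.path):
        reasons.append("review: BHO loaded directly from system32")
    return reasons


def flag_entries(lines):
    """Map CLSID -> (entry, reasons) for entries that need attention.

    The same component usually appears as both a BHO and a Toolbar line, and
    again in the DDS report, so results are keyed by CLSID to collapse repeats.
    """
    flagged = {}
    for entry in parse_log(lines):
        reasons = reasons_for(entry)
        if reasons and entry.clsid not in flagged:
            flagged[entry.clsid] = (entry, reasons)
    return flagged


# Constructed sample: lines copied from the HijackThis and DDS logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Windows Live ID Sign-in Helper - {7C14512B-4088-384C-1732-5E3C3BEE2BC4} - C:\WINDOWS\system32\mqsecc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
TB: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
"""

if __name__ == "__main__":
    for clsid, (entry, reasons) in flag_entries(SAMPLE_LOG.splitlines()).items():
        print(f"{entry.kind:<7} {entry.name:<30} {entry.path}")
        for reason in reasons:
            print(f"        -> {reason}")
```

Run on the sample, the script flags the ShopperReports and Conduit components once each (the duplicate toolbar and DDS lines collapse onto the same CLSID) and marks the system32-resident "Windows Live ID Sign-in Helper" for review while leaving the Adobe helper and the genuine Windows Live helper under Program Files unflagged. A flag is a prompt for a human to look, not a verdict; the two heuristics here are deliberately cheap and would be complemented with file signature checks on a real case.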
 

kevinf80 (Kevin, Malware Specialist, joined Mar 21, 2006, 11,467 messages)
Don't post logs in Code boxes, just paste them into your reply. Also give a better description of the problem. "Infected" how? What with? What is happening?
 

kingW3 (Thread Starter)
My internet is kinda slower.
DDS log:


DDS (Ver_10-12-12.01) - NTFSx86
Run by Broj Jedan at 12:08:14.35 on Sat 01/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.801 [GMT 1:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\Warcraft III\war3.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Broj Jedan\My Documents\Downloads\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google
uURLSearchHooks: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {7c14512b-4088-384c-1732-5e3c3bee2bc4} - c:\windows\system32\mqsecc.dll
BHO: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
EB: ShopperReports – Price Comparison: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - c:\program files\clickpotatolite\bin\10.0.646.0\ClickPotatoLiteSABHO.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
Trusted Zone: chesscube.com\www
Trusted Zone: raiffeisenbank.rs\rol
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289567336750
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 MpKsl5e7456d6;MpKsl5e7456d6;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c696c04c-e7d0-4630-bc65-979b16e166f8}\MpKsl5e7456d6.sys [2011-1-22 28752]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2010-6-9 6369]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\brojje~1\locals~1\temp\bst8.tmp --> c:\docume~1\brojje~1\locals~1\temp\BST8.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;e:\program files\garena\plugins\ui\safedrv.sys [2010-10-25 22112]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2005-6-30 166720]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-4-14 27136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Apache2.2;Apache2.2;c:\vule ser\xampplite\apache\bin\httpd.exe [2010-12-11 29416]
S4 d2cs;d2cs service;c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2csconsole.exe --service --> c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2csConsole.exe --service [?]
S4 d2dbs;d2dbs service;c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2dbsconsole.exe --service --> c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2dbsConsole.exe --service [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-10 136176]
S4 pvpgn;PvPGN service;c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\pvpgnconsole.exe --service --> c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\PvPGNConsole.exe --service [?]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-4-14 716024]

=============== Created Last 30 ================

2011-01-22 09:36:03 28752 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{c696c04c-e7d0-4630-bc65-979b16e166f8}\MpKsl5e7456d6.sys
2011-01-22 09:35:48 5890896 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{c696c04c-e7d0-4630-bc65-979b16e166f8}\mpengine.dll
2011-01-19 14:51:55 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-01-19 14:51:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-19 14:51:21 112832 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
2011-01-19 14:48:09 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-01-19 14:48:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-01-19 14:48:08 -------- d-----w- c:\program files\common files\Merge Modules
2011-01-19 13:57:57 -------- d-----w- c:\windows\ServicePackFiles
2011-01-19 13:38:14 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-01-19 12:39:41 -------- d-----w- C:\boost_1_38_0
2011-01-18 21:45:34 -------- d--h--w- c:\windows\$hf_mig$
2011-01-18 21:37:41 16896 ----a-w- c:\windows\system32\SET12F5.tmp
2011-01-18 21:37:40 24576 ----a-w- c:\windows\system32\SET12EF.tmp
2011-01-18 21:37:37 539136 ----a-w- c:\windows\system32\SET12C8.tmp
2011-01-18 21:37:37 177152 ----a-w- c:\windows\system32\SET12CA.tmp
2011-01-18 21:37:33 75776 ----a-w- c:\windows\system32\SET12A3.tmp
2011-01-18 21:37:32 354304 ----a-w- c:\windows\system32\SET1298.tmp
2011-01-18 21:37:32 15872 ----a-w- c:\windows\system32\SET129C.tmp
2011-01-18 21:37:31 80896 ----a-w- c:\windows\system32\SET1293.tmp
2011-01-18 21:37:29 -------- d-----w- c:\windows\system32\scripting
2011-01-18 21:37:28 -------- d-----w- c:\windows\l2schemas
2011-01-18 21:37:27 -------- d-----w- c:\windows\system32\en
2011-01-18 21:37:27 -------- d-----w- c:\windows\system32\bits
2011-01-18 21:32:59 4096 ----a-w- c:\program files\common files\system\ole db\SET52E.tmp
2011-01-18 21:31:59 6656 ----a-w- c:\windows\system32\SET377.tmp
2011-01-18 21:30:59 52736 ----a-w- c:\windows\system32\SET1EA.tmp
2011-01-18 21:30:59 22528 ----a-w- c:\windows\system32\SET1EE.tmp
2011-01-18 21:30:59 19456 ----a-w- c:\windows\system32\SET1F0.tmp
2011-01-18 21:30:59 18432 ----a-w- c:\windows\system32\SET1EC.tmp
2011-01-18 21:30:58 91648 ----a-w- c:\windows\system32\SET1E8.tmp
2011-01-18 21:30:58 483840 ----a-w- c:\windows\system32\SET1E9.tmp
2011-01-18 21:30:56 -------- d-----w- c:\windows\network diagnostic
2011-01-18 21:29:15 19569 ----a-w- c:\windows\003093_.tmp
2011-01-18 21:26:03 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-01-18 21:26:03 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-01-18 21:26:03 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-01-18 21:26:03 264832 ----a-w- c:\windows\system32\drivers\http.sys
2011-01-18 21:26:03 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-01-18 21:26:03 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-01-18 21:26:03 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-01-18 21:26:03 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-01-17 22:54:45 -------- d-----w- c:\docume~1\brojje~1\applic~1\CasinoOnNet
2011-01-17 22:54:33 -------- d-----w- c:\program files\CasinoOnNet
2011-01-15 22:54:00 -------- d-----w- c:\program files\QuestBrwSearch
2011-01-15 22:54:00 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\QuestBrwSearch
2011-01-15 22:53:49 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ClickPotatoLiteSA
2011-01-15 22:53:49 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-01-15 22:53:47 -------- d-----w- c:\program files\ClickPotatoLite
2011-01-15 22:53:47 -------- d-----w- c:\docume~1\brojje~1\applic~1\ClickPotatoLite
2011-01-15 22:53:36 -------- d-----w- c:\program files\ShopperReports3
2011-01-15 22:53:36 -------- d-----w- c:\docume~1\brojje~1\applic~1\ShopperReports3
2011-01-11 09:25:50 -------- d-----w- c:\docume~1\brojje~1\applic~1\XnView
2011-01-09 22:06:01 -------- d-----w- C:\Dev-Cpp
2011-01-09 20:56:04 -------- d-----w- c:\docume~1\brojje~1\locals~1\applic~1\Identities
2011-01-08 10:23:39 282928 ----a-w- c:\windows\system32\HMIPCore.dll
2011-01-07 23:34:44 -------- d-----w- c:\docume~1\brojje~1\applic~1\Hide IP NG
2011-01-07 23:20:06 -------- d-----w- c:\documents and settings\broj jedan\WINDOWS
2011-01-07 17:48:08 272896 ----a-w- C:\WC3 Multi Lossbot 1.2 (1).exe
2011-01-05 20:21:25 -------- d-----w- c:\program files\MySQL
2011-01-03 22:19:37 -------- d-----w- c:\docume~1\brojje~1\locals~1\applic~1\ghost_configurator
2011-01-03 16:11:58 -------- d-----w- c:\docume~1\brojje~1\applic~1\GetRightToGo
2011-01-03 15:55:51 -------- d-----w- c:\docume~1\brojje~1\locals~1\applic~1\TSVNCache
2011-01-03 15:39:37 -------- d-----w- c:\docume~1\brojje~1\applic~1\TortoiseSVN
2011-01-03 15:34:13 -------- d-----w- c:\docume~1\brojje~1\applic~1\Subversion
2011-01-03 15:26:50 -------- d-----w- c:\program files\common files\TortoiseOverlays
2011-01-03 15:26:49 -------- d-----w- c:\program files\TortoiseSVN
2010-12-31 21:05:45 -------- d-----w- c:\docume~1\brojje~1\applic~1\Dev-Cpp
2010-12-31 19:30:14 90112 ----a-w- c:\windows\system32\d3x8.dll
2010-12-30 12:50:17 -------- d-----w- c:\docume~1\brojje~1\applic~1\TS3Client
2010-12-30 12:48:55 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-12-29 17:15:39 -------- d-----w- c:\program files\Garena
2010-12-27 17:20:02 -------- d-----w- c:\program files\Visual Pinball

==================== Find3M ====================

2010-11-12 15:54:02 592 ----a-w- c:\windows\chgkey.vbs
2010-11-12 13:43:14 1057 ----a-w- C:\xplicense.reg
2010-11-10 18:03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-30 09:16:12 1107336 ----a-w- c:\program files\hamachi-2.exe

============= FINISH: 12:09:27.70 ===============
 

kevinf80 (Kevin, Malware Specialist)
Post the Attach.txt from DDS. Next run the following :-

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Kevin
 

kingW3 (Thread Starter)
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-B4P6V-6FDFP-T7FW3
Windows Product Key Hash: 0JZxxbGgx5nNC9sWopI0sH421uA=
Windows Product ID: 55274-641-2930734-23362
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {7991809C-3764-4EC0-BDBA-3BD371FDB264}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7991809C-3764-4EC0-BDBA-3BD371FDB264}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-T7FW3</PKey><PID>55274-641-2930734-23362</PID><PIDType>1</PIDType><SID>S-1-5-21-2025429265-329068152-725345543</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>915PL-A2</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080011 </Version><SMBIOSVersion major="2" minor="3"/><Date>20050629000000.000000+000</Date></BIOS><HWID>21A4317F01844E7D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57248</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1900C:Elitegroup Computer Systems Co Ltd|13C1D:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
 

kevinf80 (Kevin, Malware Specialist)
Where did you get your version of Windows XP from? Also Microsoft Office; both are running on Volume License Keys.
The key for XP has passed, but VLKs are usually attributed to businesses and educational authorities etc., not personal systems.
The key for your copy of MS Office is blocked.

Any comments??
 

kevinf80 (Kevin, Malware Specialist)
Hiya kingW3,

OK, thanks for the explanation. Proceed as follows please :-

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important, do not save to or run from anywhere else.

Before saving Combofix to the Desktop, rename it to Gotcha.exe as below:

Ensure you have disabled your Firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection are available at the following link :-

Disable realtime protection

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in your reply please.

Kevin
 

kingW3 (Thread Starter)
I can rename it and run the scan again.
Here's the log:

ComboFix 11-01-25.03 - Broj Jedan 01/26/2011 14:44:50.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1242 [GMT 1:00]
Running from: c:\documents and settings\Broj Jedan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA
c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat
c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\documents and settings\All Users.WINDOWS\Application Data\QuestBrwSearch
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato\About Us.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports\About Us.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\documents and settings\Broj Jedan\Application Data\ClickPotatoLite
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\Config.xml
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\db\Sites.dbs
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs
c:\documents and settings\vule.VANK\Application Data\ShopperReports3
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\Config.xml
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\db\Sites.dbs
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\res2\WhiteList.dbs
c:\program files\ClickPotatoLite
c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSAAX.dll
c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSABHO.dll
c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickpotatoLiteSAHook.dll
c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteUninstaller.exe
c:\program files\ClickPotatoLite\bin\10.0.646.0\firefox\extensions\install.rdf
c:\program files\ClickPotatoLite\bin\10.0.646.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00B17FF1
c:\program files\MyWebSearch\bar\Cache\00B18540
c:\program files\MyWebSearch\bar\Cache\00B186A7.bin
c:\program files\MyWebSearch\bar\Cache\00B18715.bmp
c:\program files\MyWebSearch\bar\Cache\00B18772.bin
c:\program files\MyWebSearch\bar\Cache\00B187FF.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\QuestBrwSearch
c:\program files\QuestBrwSearch\questbrwsearch.dll
c:\program files\QuestBrwSearch\questbrwsearch.exe
c:\program files\QuestBrwSearch\uninstall.exe
c:\program files\ShopperReports3
c:\program files\ShopperReports3\bin\3.0.517.0\BRNstIE.dll
c:\program files\ShopperReports3\bin\3.0.517.0\CmndFF.dll
c:\program files\ShopperReports3\bin\3.0.517.0\CnTNtcntr.dll
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files\ShopperReports3\bin\3.0.517.0\link.ico
c:\program files\ShopperReports3\bin\3.0.517.0\moZIllaps.dll
c:\program files\ShopperReports3\bin\3.0.517.0\Pltfrm.dll
c:\program files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
c:\program files\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\_004763_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004766_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004774_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004785_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004798_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004803_.tmp.dll
c:\windows\system32\_004805_.tmp.dll
c:\windows\system32\_004806_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004816_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\midas.dll
G:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
.

2011-01-26 13:34 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97EA4637-2D48-44D7-9969-350A07B0CF2D}\mpengine.dll
2011-01-26 13:34 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-26 13:34 . 2011-01-26 13:35 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-24 13:36 . 2011-01-24 13:37 -------- d-----w- c:\documents and settings\vule.VANK\Local Settings\Application Data\Temp
2011-01-24 13:36 . 2011-01-24 13:38 -------- d-----w- c:\documents and settings\vule.VANK\Local Settings\Application Data\Google
2011-01-24 13:10 . 2011-01-24 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2011-01-19 14:51 . 2011-01-19 14:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-01-19 14:51 . 2011-01-19 14:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-01-19 14:51 . 2011-01-19 14:51 112832 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\windows\symbols
2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\program files\Microsoft Help Viewer
2011-01-19 14:48 . 2011-01-19 14:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\program files\Microsoft SDKs
2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\program files\Common Files\Merge Modules
2011-01-19 13:57 . 2011-01-19 14:01 -------- d-----w- c:\windows\ServicePackFiles
2011-01-19 13:38 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2011-01-19 12:39 . 2011-01-19 14:59 -------- d-----w- C:\boost_1_38_0
2011-01-18 21:45 . 2011-01-19 13:10 -------- d--h--w- c:\windows\$hf_mig$
2011-01-18 21:37 . 2008-04-14 04:41 16896 ----a-w- c:\windows\system32\SET12F5.tmp
2011-01-18 21:37 . 2008-04-14 04:41 24576 ----a-w- c:\windows\system32\SET12EF.tmp
2011-01-18 21:37 . 2008-04-14 04:42 539136 ----a-w- c:\windows\system32\SET12C8.tmp
2011-01-18 21:37 . 2008-04-14 04:40 177152 ----a-w- c:\windows\system32\SET12CA.tmp
2011-01-18 21:37 . 2008-04-14 04:42 75776 ----a-w- c:\windows\system32\SET12A3.tmp
2011-01-18 21:37 . 2008-04-14 04:42 354304 ----a-w- c:\windows\system32\SET1298.tmp
2011-01-18 21:37 . 2008-04-14 04:42 15872 ----a-w- c:\windows\system32\SET129C.tmp
2011-01-18 21:37 . 2008-04-14 04:42 80896 ----a-w- c:\windows\system32\SET1293.tmp
2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\system32\scripting
2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\l2schemas
2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\system32\en
2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\system32\bits
2011-01-18 21:32 . 2008-04-14 04:42 4096 ----a-w- c:\program files\Common Files\System\Ole DB\SET52E.tmp
2011-01-18 21:31 . 2008-04-14 04:42 6656 ----a-w- c:\windows\system32\SET377.tmp
2011-01-18 21:30 . 2008-04-14 04:42 52736 ----a-w- c:\windows\system32\SET1EA.tmp
2011-01-18 21:30 . 2008-04-14 04:42 22528 ----a-w- c:\windows\system32\SET1EE.tmp
2011-01-18 21:30 . 2008-04-14 04:42 19456 ----a-w- c:\windows\system32\SET1F0.tmp
2011-01-18 21:30 . 2008-04-14 04:42 18432 ----a-w- c:\windows\system32\SET1EC.tmp
2011-01-18 21:30 . 2008-04-14 04:42 91648 ----a-w- c:\windows\system32\SET1E8.tmp
2011-01-18 21:30 . 2008-04-14 04:42 483840 ----a-w- c:\windows\system32\SET1E9.tmp
2011-01-18 21:29 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003093_.tmp
2011-01-18 21:26 . 2008-04-13 18:56 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2011-01-18 21:26 . 2008-04-13 18:53 264832 ----a-w- c:\windows\system32\drivers\http.sys
2011-01-18 21:26 . 2008-04-13 18:40 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-01-18 21:26 . 2008-04-13 18:40 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-01-18 21:26 . 2008-04-13 18:36 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2011-01-18 21:26 . 2008-04-13 18:36 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-01-18 21:26 . 2008-04-13 18:31 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
2011-01-18 21:26 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-01-17 22:54 . 2011-01-17 23:04 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\CasinoOnNet
2011-01-17 22:54 . 2011-01-17 22:54 -------- d-----w- c:\program files\CasinoOnNet
2011-01-11 09:25 . 2011-01-11 09:25 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\XnView
2011-01-09 22:06 . 2011-01-09 22:06 -------- d-----w- C:\Dev-Cpp
2011-01-09 20:56 . 2011-01-09 20:56 -------- d-----w- c:\documents and settings\Broj Jedan\Local Settings\Application Data\Identities
2011-01-08 10:23 . 2010-06-15 17:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
2011-01-07 23:34 . 2011-01-09 11:16 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\Hide IP NG
2011-01-07 23:20 . 2011-01-07 23:20 -------- d-----w- c:\documents and settings\Broj Jedan\WINDOWS
2011-01-07 17:48 . 2011-01-07 15:34 272896 ----a-w- C:\WC3 Multi Lossbot 1.2 (1).exe
2011-01-05 20:21 . 2011-01-05 20:21 -------- d-----w- c:\program files\MySQL
2011-01-04 09:40 . 2011-01-04 09:40 -------- d-----w- c:\documents and settings\vule.VANK\Application Data\Subversion
2011-01-04 09:39 . 2011-01-25 14:26 -------- d-----w- c:\documents and settings\vule.VANK\Local Settings\Application Data\TSVNCache
2011-01-03 22:19 . 2011-01-03 22:19 -------- d-----w- c:\documents and settings\Broj Jedan\Local Settings\Application Data\ghost_configurator
2011-01-03 16:11 . 2011-01-07 23:49 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\GetRightToGo
2011-01-03 15:55 . 2011-01-26 13:40 -------- d-----w- c:\documents and settings\Broj Jedan\Local Settings\Application Data\TSVNCache
2011-01-03 15:39 . 2011-01-04 00:14 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\TortoiseSVN
2011-01-03 15:34 . 2011-01-03 15:34 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\Subversion
2011-01-03 15:26 . 2011-01-03 15:26 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2011-01-03 15:26 . 2011-01-03 15:26 -------- d-----w- c:\program files\TortoiseSVN
2010-12-31 21:05 . 2011-01-09 22:08 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\Dev-Cpp
2010-12-31 19:30 . 2010-12-31 19:30 90112 ----a-w- c:\windows\system32\d3x8.dll
2010-12-30 12:50 . 2010-12-30 12:54 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\TS3Client
2010-12-30 12:48 . 2010-12-30 12:50 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-12-29 17:15 . 2011-01-03 22:35 -------- d-----w- c:\program files\Garena
2010-12-27 17:20 . 2010-12-27 17:26 -------- d-----w- c:\program files\Visual Pinball

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 09:41 . 2010-11-13 07:13 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-26 12:24 . 2010-12-26 18:06 44436 ----a-w- C:\amadeus.(1984).scc.1cd.(3819747).zip
2010-12-26 12:22 . 2010-12-26 18:06 30767 ----a-w- C:\amadeus.(1984).scc.2cd.(28717).zip
2010-12-26 12:20 . 2010-12-26 18:04 21254 ----a-w- C:\amadeus.(1984).scc.1cd.(3831086).zip
2010-12-26 12:17 . 2010-12-26 18:04 15611 ----a-w- C:\amadeus.(1984).scc.1cd.(3831349).zip
2010-11-12 15:54 . 2010-11-12 15:54 592 ----a-w- c:\windows\chgkey.vbs
2010-11-12 13:43 . 2010-11-12 13:43 1057 ----a-w- C:\xplicense.reg
2010-11-10 18:03 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-30 09:16 . 2010-04-30 12:07 1107336 ----a-w- c:\program files\hamachi-2.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81f0e13c-8923-41e5-a021-a4c58c6f8630}"= "c:\program files\Eurobattle.net\tbEuro.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C14512B-4088-384C-1732-5E3C3BEE2BC4}]
2004-08-12 04:00 221184 ----a-w- c:\windows\system32\mqsecc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\Eurobattle.net\tbEuro.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{81f0e13c-8923-41e5-a021-a4c58c6f8630}"= "c:\program files\Eurobattle.net\tbEuro.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{81F0E13C-8923-41E5-A021-A4C58C6F8630}"= "c:\program files\Eurobattle.net\tbEuro.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

[HKEY_CLASSES_ROOT\clsid\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_133046]
2005-06-03 17:30 301776 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_235593]
2005-06-03 17:30 301776 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_9495671]
2005-06-03 17:30 301776 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-04-15 03:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"TunngleService"=2 (0x2)
"InterBaseServer"=3 (0x3)
"InterBaseGuardian"=2 (0x2)
"ResultBar Service"=2 (0x2)
"idsvc"=3 (0x3)
"gupdate"=2 (0x2)
"wuauserv"=3 (0x3)
"pvpgn"=3 (0x3)
"MySQL"=2 (0x2)
"d2dbs"=2 (0x2)
"d2cs"=2 (0x2)
"Apache2.2"=2 (0x2)
"QuestBrowse Service"=2 (0x2)
"MyWebSearchService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\bejeweled twist\\BejeweledTwist.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=

R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [6/9/2010 6:26 PM 6369]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp --> c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;e:\program files\Garena\plugins\UI\safedrv.sys [10/25/2010 1:56 PM 22112]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [6/30/2005 1:35 AM 166720]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [4/14/2010 1:00 PM 27136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 Apache2.2;Apache2.2;c:\vule ser\xampplite\apache\bin\httpd.exe [12/11/2010 2:41 PM 29416]
S4 d2cs;d2cs service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2csConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2csConsole.exe --service [?]
S4 d2dbs;d2dbs service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2dbsConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2dbsConsole.exe --service [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2010 6:25 PM 136176]
S4 pvpgn;PvPGN service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\PvPGNConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\PvPGNConsole.exe --service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/22/2010 3:41 PM 691696]
S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [4/14/2010 1:00 PM 716024]
.
Contents of the 'Scheduled Tasks' folder

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-329068152-725345543-1006Core.job
- c:\documents and settings\vule.VANK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 17:25]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-329068152-725345543-1006UA.job
- c:\documents and settings\vule.VANK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 17:25]

2010-11-16 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]

2011-01-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

2011-01-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: chesscube.com\www
Trusted Zone: raiffeisenbank.rs\rol
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSA.exe
MSConfigStartUp-HBLiteSA - c:\program files\HBLite\bin\11.0.264.0\HBLiteSA.exe
MSConfigStartUp-mspaint - c:\windows\system32\Paint.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
AddRemove-Counter Strike 1.8 Goiceasoft v 1.8 - e:\program files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\Uninstall.exe
AddRemove-One - c:\documents and settings\Broj Jedan\Desktop\GProxyOne\One_14903.exe
AddRemove-QuestBrowse - c:\program files\QuestBrwSearch\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-26 14:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(3896)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2011-01-26 15:02:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-26 14:02
ComboFix2.txt 2010-08-27 19:57

Pre-Run: 3,845,910,528 bytes free
Post-Run: 4,406,587,392 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 80E2F37024F1D98BCA57F18DF832E85C
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
Hiya, run the following scans please:-

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

Post the two logs in your reply, and also give an update on the system and any remaining issues.

Kevin
 

kingW3

Thread Starter
Joined
Nov 16, 2010
Messages
64
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5610

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2011 8:30:59 PM
mbam-log-2011-01-26 (20-30-59).txt

Scan type: Quick scan
Objects scanned: 218967
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\mqsecc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\broj jedan\my documents\downloads\smileycentralpfsetup2.3.76.6.znman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\broj jedan\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\jeremija.vank\my documents\downloads\warcraft3keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jeremija.vank\my documents\downloads\fdd.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\compp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
 

kingW3

Thread Starter
Joined
Nov 16, 2010
Messages
64
And about ESET: it will finish 12 hours from now, as I have 100 GB.
For now, 1 infected.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,467
OK, just post the log when the scan is finished. If for any reason you don't get the log, it can be found here:-
C:\Program Files\ESET\EsetOnlineScanner\log.txt
We are definitely making progress.
 

kingW3

Thread Starter
Joined
Nov 16, 2010
Messages
64
At last! It took 6 hours.

C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSAAX.dll.vir a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteUninstaller.exe.vir a variant of Win32/Adware.HotBar.E application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuestBrwSearch\questbrwsearch.dll.vir a variant of Win32/Adware.OneStep.V application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\QuestBrwSearch\questbrwsearch.exe.vir a variant of Win32/Adware.OneStep.T application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\Pltfrm.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll.vir Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079666.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079669.exe a variant of Win32/Adware.HotBar.E application deleted - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079672.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079673.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079674.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079675.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079676.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079677.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079678.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079679.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079680.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079681.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079682.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079683.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079684.EXE Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079687.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079688.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079690.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079692.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079694.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079695.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079696.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079698.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079699.EXE Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079700.EXE Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079701.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079702.DLL a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079703.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079704.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079705.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079706.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079707.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079708.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079709.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079710.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079722.dll a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079728.dll a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079729.dll Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079765.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP234\A0080080.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP234\A0080081.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\Windows\System32\maapistub.dll a variant of Win32/Agent.SDP trojan cleaned by deleting - quarantined
E:\Documents and Settings\Jeremija\My Documents\Downloads\Setup.exe probably a variant of Win32/Agent.LYWELHD trojan deleted - quarantined
F:\Nero6\Nero-6.6.1.15.exe Win32/Toolbar.AskSBar application deleted - quarantined
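Not every line in an ESET log like the one above carries the same weight. Most of the hits are copies that ComboFix had already moved into C:\Qoobox\Quarantine (the *.vir files) or their shadows inside System Restore snapshots; the handful that were still live files on the C:, D:, E: and F: volumes are the ones worth a second look. The following is an added example, written by the editor and not part of the thread or of any tool named in it: a small Python triage helper for the '<path> <detection> <action>' line format visible in the post. The two location rules (Qoobox quarantine and System Volume Information\_restore{...} count as already contained; everything else counts as live) are the editor's assumption, and the embedded sample is a subset of the lines posted above.

```python
"""Triage an ESET Online Scanner log by where each detected file lives.

Added example; not part of the thread and not a tool from it.  Assumes only
the line format visible in the post, '<path> <detection> <action>', plus two
location rules that are the editor's own: hits under ComboFix's Qoobox
quarantine (*.vir copies) and under System Restore snapshots were already
contained, while everything else was a live, reachable file.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the ESET lines posted in the thread.
SAMPLE_LOG = r"""
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteUninstaller.exe.vir a variant of Win32/Adware.HotBar.E application deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079666.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP234\A0080080.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\Windows\System32\maapistub.dll a variant of Win32/Agent.SDP trojan cleaned by deleting - quarantined
E:\Documents and Settings\Jeremija\My Documents\Downloads\Setup.exe probably a variant of Win32/Agent.LYWELHD trojan deleted - quarantined
F:\Nero6\Nero-6.6.1.15.exe Win32/Toolbar.AskSBar application deleted - quarantined
"""

# One detection line: the path (which may contain spaces), an optional
# confidence qualifier, the Win32/... name, its type, then ESET's action.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<prefix>(?:probably a variant of|a variant of)\s+)?"
    r"(?P<name>Win32/\S+)\s+"
    r"(?P<kind>application|trojan)\s+"
    r"(?P<action>.+?)\s*$"
)

# Location rules (editor's assumption), matched case-insensitively.
COMBOFIX_QUARANTINE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)
RESTORE_POINT = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)


def classify_location(path):
    """'combofix_quarantine', 'restore_point' or 'live' for a detected path."""
    if COMBOFIX_QUARANTINE.match(path):
        return "combofix_quarantine"
    if RESTORE_POINT.match(path):
        return "restore_point"
    return "live"


def parse_eset_line(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    prefix = (m.group("prefix") or "").strip()
    return {
        "path": m.group("path"),
        "name": m.group("name"),
        "kind": m.group("kind"),                      # 'application' (PUA/adware) or 'trojan'
        "heuristic": prefix.startswith("probably"),   # 'probably a variant of' = heuristic hit
        "action": m.group("action"),
        "location": classify_location(m.group("path")),
    }


def triage(log_text):
    """Group parsed hits by location; non-empty lines that do not parse are kept aside."""
    groups = defaultdict(list)
    unparsed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_eset_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            groups[rec["location"]].append(rec)
    groups["unparsed"] = unparsed
    return dict(groups)


def live_hits(log_text):
    """Hits outside quarantine and restore points, trojans first, then by path."""
    live = triage(log_text).get("live", [])
    live.sort(key=lambda r: (r["kind"] != "trojan", r["path"].lower()))
    return live


if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    for loc in ("live", "combofix_quarantine", "restore_point"):
        print(f"{loc}: {len(groups.get(loc, []))}")
    for rec in live_hits(SAMPLE_LOG):
        flag = " (heuristic)" if rec["heuristic"] else ""
        print(f"  {rec['kind']:11} {rec['name']}{flag}  {rec['path']}")
```

Run against the full log above, the quarantine and restore-point groups swallow nearly everything, and the live group is short: a trojan DLL in the second Windows installation on D:, a heuristic ("probably a variant of") hit on a downloaded Setup.exe on E:, a Nero installer bundling the Ask toolbar on F:, and two DLLs in the Windows Live Messenger folder flagged as MyWebSearch. Those last two deserve attention on their own merits: msimg32.dll and riched20.dll are names of system libraries, and a DLL carrying a system library's name inside an application's own folder is loaded ahead of the real one in System32 when the application asks for it by name, so such files should be treated as planted rather than as stray toolbar leftovers.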
 