
infected

Discussion in 'Virus & Other Malware Removal' started by kingW3, Jan 21, 2011.

  1. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    I got files on my hard drive where Windows is and on another one:
    s3ug 70 KB
    s20g 70 KB
    scg 70 KB
    scg.1 1 KB
    s20g.qm 0 KB
    srk 70 KB
    srk.qm 0 KB
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:24:19 PM, on 1/21/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=google
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...downloads.phpnuke.org/en/index.php?rvs=google
    R3 - URLSearchHook: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
    O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {7C14512B-4088-384C-1732-5E3C3BEE2BC4} - C:\WINDOWS\system32\mqsecc.dll
    O2 - BHO: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSABHO.dll
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1289567336750
    O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} (FileInterface Class) - https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6889 bytes
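As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python parser for HijackThis-format lines, run over a few lines copied from the log above; `parse_log` and `triage` are hypothetical helpers that group entries by CLSID and flag registrations whose file is missing, as a reviewer would when triaging such a log.

```python
"""Triage helper for HijackThis-format log lines.

Added example, not code from the thread or from HijackThis itself;
parse_log() and triage() are hypothetical helpers written for this page.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
O2 - BHO: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Eurobattle.net Toolbar - {81f0e13c-8923-41e5-a021-a4c58c6f8630} - C:\Program Files\Eurobattle.net\tbEuro.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
"""

# Entry shape: "<code> - <kind>: <rest>", e.g. "O2 - BHO: name - {CLSID} - path"
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<kind>.+?): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
MISSING = "(file missing)"


def parse_line(line):
    """Return a dict for one HijackThis entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.group("code"), m.group("kind"), m.group("rest")
    rec = {"code": code, "kind": kind, "clsid": None, "file_missing": False}
    if code == "O4":  # Run-key entries look like "[value name] command line"
        r = RUN_RE.match(rest)
        rec["name"], rec["path"] = (r.group("name"), r.group("cmd")) if r else (rest, "")
        return rec
    parts = [p.strip() for p in rest.split(" - ")]
    rec["name"] = parts[0]
    path = parts[-1] if len(parts) > 1 else ""
    if path.endswith(MISSING):
        rec["file_missing"] = True
        path = path[: -len(MISSING)].strip()
    rec["path"] = path
    c = CLSID_RE.search(rest)
    rec["clsid"] = c.group(1).lower() if c else None
    return rec


def parse_log(text):
    """Parse every entry line of a log; skips headers and blank lines."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def triage(records):
    """Findings a reviewer checks first: entries whose file is missing, and one
    CLSID hooked into several IE extension points (search hook + BHO + toolbar
    under a single CLSID is the usual shape of a bundled toolbar)."""
    by_clsid = defaultdict(list)
    findings = []
    for r in records:
        if r["file_missing"]:
            findings.append(f"{r['code']} {r['name']}: registered but file missing ({r['path']})")
        if r["clsid"]:
            by_clsid[r["clsid"]].append(r)
    for clsid, rs in by_clsid.items():
        codes = sorted({r["code"] for r in rs})
        if len(codes) > 1:
            findings.append(f"{rs[0]['name']}: CLSID {{{clsid}}} registered in {', '.join(codes)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```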
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Don't post logs in Code boxes, just paste them into your reply. Also give a better description of the problem: "Infected" how? What with? What is happening?
     
  3. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    My internet is kinda slower.
    DDS log:


    DDS (Ver_10-12-12.01) - NTFSx86
    Run by Broj Jedan at 12:08:14.35 on Sat 01/22/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.801 [GMT 1:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    E:\Program Files\Warcraft III\war3.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Broj Jedan\My Documents\Downloads\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/webhp
    uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google
    mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google
    uURLSearchHooks: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
    BHO: ShopperReports: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Windows Live ID Sign-in Helper: {7c14512b-4088-384c-1732-5e3c3bee2bc4} - c:\windows\system32\mqsecc.dll
    BHO: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Eurobattle.net Toolbar: {81f0e13c-8923-41e5-a021-a4c58c6f8630} - c:\program files\eurobattle.net\tbEuro.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    EB: ShopperReports – Price Comparison: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - c:\program files\clickpotatolite\bin\10.0.646.0\ClickPotatoLiteSABHO.dll
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
    IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shopperreports3\bin\3.0.517.0\ShopperReports.dll
    Trusted Zone: chesscube.com\www
    Trusted Zone: raiffeisenbank.rs\rol
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289567336750
    DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    LSA: Notification Packages = scecli scecli

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R1 MpKsl5e7456d6;MpKsl5e7456d6;c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{c696c04c-e7d0-4630-bc65-979b16e166f8}\MpKsl5e7456d6.sys [2011-1-22 28752]
    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2010-6-9 6369]
    S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\brojje~1\locals~1\temp\bst8.tmp --> c:\docume~1\brojje~1\locals~1\temp\BST8.tmp [?]
    S3 GGSAFERDriver;GGSAFER Driver;e:\program files\garena\plugins\ui\safedrv.sys [2010-10-25 22112]
    S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2005-6-30 166720]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-4-14 27136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 Apache2.2;Apache2.2;c:\vule ser\xampplite\apache\bin\httpd.exe [2010-12-11 29416]
    S4 d2cs;d2cs service;c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2csconsole.exe --service --> c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2csConsole.exe --service [?]
    S4 d2dbs;d2dbs service;c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2dbsconsole.exe --service --> c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\d2dbsConsole.exe --service [?]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-10 136176]
    S4 pvpgn;PvPGN service;c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\pvpgnconsole.exe --service --> c:\documents and settings\broj jedan\my documents\downloads\pvpgn-1.8.5\PvPGNConsole.exe --service [?]
    S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-4-14 716024]

    =============== Created Last 30 ================

    2011-01-22 09:36:03 28752 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{c696c04c-e7d0-4630-bc65-979b16e166f8}\MpKsl5e7456d6.sys
    2011-01-22 09:35:48 5890896 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{c696c04c-e7d0-4630-bc65-979b16e166f8}\mpengine.dll
    2011-01-19 14:51:55 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-01-19 14:51:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-01-19 14:51:21 112832 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\vcexpress\10.0\1033\ResourceCache.dll
    2011-01-19 14:48:09 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-01-19 14:48:08 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-01-19 14:48:08 -------- d-----w- c:\program files\common files\Merge Modules
    2011-01-19 13:57:57 -------- d-----w- c:\windows\ServicePackFiles
    2011-01-19 13:38:14 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2011-01-19 12:39:41 -------- d-----w- C:\boost_1_38_0
    2011-01-18 21:45:34 -------- d--h--w- c:\windows\$hf_mig$
    2011-01-18 21:37:41 16896 ----a-w- c:\windows\system32\SET12F5.tmp
    2011-01-18 21:37:40 24576 ----a-w- c:\windows\system32\SET12EF.tmp
    2011-01-18 21:37:37 539136 ----a-w- c:\windows\system32\SET12C8.tmp
    2011-01-18 21:37:37 177152 ----a-w- c:\windows\system32\SET12CA.tmp
    2011-01-18 21:37:33 75776 ----a-w- c:\windows\system32\SET12A3.tmp
    2011-01-18 21:37:32 354304 ----a-w- c:\windows\system32\SET1298.tmp
    2011-01-18 21:37:32 15872 ----a-w- c:\windows\system32\SET129C.tmp
    2011-01-18 21:37:31 80896 ----a-w- c:\windows\system32\SET1293.tmp
    2011-01-18 21:37:29 -------- d-----w- c:\windows\system32\scripting
    2011-01-18 21:37:28 -------- d-----w- c:\windows\l2schemas
    2011-01-18 21:37:27 -------- d-----w- c:\windows\system32\en
    2011-01-18 21:37:27 -------- d-----w- c:\windows\system32\bits
    2011-01-18 21:32:59 4096 ----a-w- c:\program files\common files\system\ole db\SET52E.tmp
    2011-01-18 21:31:59 6656 ----a-w- c:\windows\system32\SET377.tmp
    2011-01-18 21:30:59 52736 ----a-w- c:\windows\system32\SET1EA.tmp
    2011-01-18 21:30:59 22528 ----a-w- c:\windows\system32\SET1EE.tmp
    2011-01-18 21:30:59 19456 ----a-w- c:\windows\system32\SET1F0.tmp
    2011-01-18 21:30:59 18432 ----a-w- c:\windows\system32\SET1EC.tmp
    2011-01-18 21:30:58 91648 ----a-w- c:\windows\system32\SET1E8.tmp
    2011-01-18 21:30:58 483840 ----a-w- c:\windows\system32\SET1E9.tmp
    2011-01-18 21:30:56 -------- d-----w- c:\windows\network diagnostic
    2011-01-18 21:29:15 19569 ----a-w- c:\windows\003093_.tmp
    2011-01-18 21:26:03 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-01-18 21:26:03 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-01-18 21:26:03 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-01-18 21:26:03 264832 ----a-w- c:\windows\system32\drivers\http.sys
    2011-01-18 21:26:03 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-01-18 21:26:03 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-01-18 21:26:03 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-01-18 21:26:03 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-01-17 22:54:45 -------- d-----w- c:\docume~1\brojje~1\applic~1\CasinoOnNet
    2011-01-17 22:54:33 -------- d-----w- c:\program files\CasinoOnNet
    2011-01-15 22:54:00 -------- d-----w- c:\program files\QuestBrwSearch
    2011-01-15 22:54:00 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\QuestBrwSearch
    2011-01-15 22:53:49 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\ClickPotatoLiteSA
    2011-01-15 22:53:49 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2011-01-15 22:53:47 -------- d-----w- c:\program files\ClickPotatoLite
    2011-01-15 22:53:47 -------- d-----w- c:\docume~1\brojje~1\applic~1\ClickPotatoLite
    2011-01-15 22:53:36 -------- d-----w- c:\program files\ShopperReports3
    2011-01-15 22:53:36 -------- d-----w- c:\docume~1\brojje~1\applic~1\ShopperReports3
    2011-01-11 09:25:50 -------- d-----w- c:\docume~1\brojje~1\applic~1\XnView
    2011-01-09 22:06:01 -------- d-----w- C:\Dev-Cpp
    2011-01-09 20:56:04 -------- d-----w- c:\docume~1\brojje~1\locals~1\applic~1\Identities
    2011-01-08 10:23:39 282928 ----a-w- c:\windows\system32\HMIPCore.dll
    2011-01-07 23:34:44 -------- d-----w- c:\docume~1\brojje~1\applic~1\Hide IP NG
    2011-01-07 23:20:06 -------- d-----w- c:\documents and settings\broj jedan\WINDOWS
    2011-01-07 17:48:08 272896 ----a-w- C:\WC3 Multi Lossbot 1.2 (1).exe
    2011-01-05 20:21:25 -------- d-----w- c:\program files\MySQL
    2011-01-03 22:19:37 -------- d-----w- c:\docume~1\brojje~1\locals~1\applic~1\ghost_configurator
    2011-01-03 16:11:58 -------- d-----w- c:\docume~1\brojje~1\applic~1\GetRightToGo
    2011-01-03 15:55:51 -------- d-----w- c:\docume~1\brojje~1\locals~1\applic~1\TSVNCache
    2011-01-03 15:39:37 -------- d-----w- c:\docume~1\brojje~1\applic~1\TortoiseSVN
    2011-01-03 15:34:13 -------- d-----w- c:\docume~1\brojje~1\applic~1\Subversion
    2011-01-03 15:26:50 -------- d-----w- c:\program files\common files\TortoiseOverlays
    2011-01-03 15:26:49 -------- d-----w- c:\program files\TortoiseSVN
    2010-12-31 21:05:45 -------- d-----w- c:\docume~1\brojje~1\applic~1\Dev-Cpp
    2010-12-31 19:30:14 90112 ----a-w- c:\windows\system32\d3x8.dll
    2010-12-30 12:50:17 -------- d-----w- c:\docume~1\brojje~1\applic~1\TS3Client
    2010-12-30 12:48:55 -------- d-----w- c:\program files\TeamSpeak 3 Client
    2010-12-29 17:15:39 -------- d-----w- c:\program files\Garena
    2010-12-27 17:20:02 -------- d-----w- c:\program files\Visual Pinball

    ==================== Find3M ====================

    2010-11-12 15:54:02 592 ----a-w- c:\windows\chgkey.vbs
    2010-11-12 13:43:14 1057 ----a-w- C:\xplicense.reg
    2010-11-10 18:03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-03-30 09:16:12 1107336 ----a-w- c:\program files\hamachi-2.exe

    ============= FINISH: 12:09:27.70 ===============
     


  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Post the Attach.txt from DDS. Next run the following :-

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.

    Kevin
     
  5. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-B4P6V-6FDFP-T7FW3
    Windows Product Key Hash: 0JZxxbGgx5nNC9sWopI0sH421uA=
    Windows Product ID: 55274-641-2930734-23362
    Windows Product ID Type: 1
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {7991809C-3764-4EC0-BDBA-3BD371FDB264}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7991809C-3764-4EC0-BDBA-3BD371FDB264}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-T7FW3</PKey><PID>55274-641-2930734-23362</PID><PIDType>1</PIDType><SID>S-1-5-21-2025429265-329068152-725345543</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>915PL-A2</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080011 </Version><SMBIOSVersion major="2" minor="3"/><Date>20050629000000.000000+000</Date></BIOS><HWID>21A4317F01844E7D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Europe Standard Time(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57248</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1900C:Elitegroup Computer Systems Co Ltd|13C1D:GENUINE C&C INC
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Where did you get your version of Windows XP from? Also Microsoft Office; both are running off Volume License Keys.
    The key for XP has passed, but VLKs are usually attributed to businesses and educational authorities etc., not personal systems.
    The key for your copy of MS Office is blocked.

    Any comments??
     
  7. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    It's from my work and I forgot to change the key for Office.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya kingW3,

    OK, thanks for the explanation. Proceed as follows please :-

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget Combofix must be saved to your desktop. <--Very important, do not save to or run from anywhere else

    Before saving Combofix to the Desktop rename to Gotcha.exe as below:


    Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in your reply please.

    Kevin
     
  9. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    I forgot to rename it, so should I rename it and run again?
     
  10. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    I can rename it and run the scan again.
    Here's the log:

    ComboFix 11-01-25.03 - Broj Jedan 01/26/2011 14:44:50.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1242 [GMT 1:00]
    Running from: c:\documents and settings\Broj Jedan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users.WINDOWS\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA
    c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
    c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat
    c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
    c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
    c:\documents and settings\All Users.WINDOWS\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
    c:\documents and settings\All Users.WINDOWS\Application Data\QuestBrwSearch
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato\About Us.lnk
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports\About Us.lnk
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports\Customer Support.lnk
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
    c:\documents and settings\Broj Jedan\Application Data\ClickPotatoLite
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\Config.xml
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\db\Sites.dbs
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
    c:\documents and settings\Broj Jedan\Application Data\ShopperReports3\IE\cs\res1\WhiteList.dbs
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\Config.xml
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\db\Aliases.dbs
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\db\Sites.dbs
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\dwld\WhiteList.xip
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\report\aggr_storage.xml
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\report\send_storage.xml
    c:\documents and settings\vule.VANK\Application Data\ShopperReports3\IE\cs\res2\WhiteList.dbs
    c:\program files\ClickPotatoLite
    c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSAAX.dll
    c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSABHO.dll
    c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickpotatoLiteSAHook.dll
    c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteUninstaller.exe
    c:\program files\ClickPotatoLite\bin\10.0.646.0\firefox\extensions\install.rdf
    c:\program files\ClickPotatoLite\bin\10.0.646.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
    c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
    c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
    c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
    c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
    c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
    c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
    c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
    c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
    c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
    c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Cache\00B17FF1
    c:\program files\MyWebSearch\bar\Cache\00B18540
    c:\program files\MyWebSearch\bar\Cache\00B186A7.bin
    c:\program files\MyWebSearch\bar\Cache\00B18715.bmp
    c:\program files\MyWebSearch\bar\Cache\00B18772.bin
    c:\program files\MyWebSearch\bar\Cache\00B187FF.bin
    c:\program files\MyWebSearch\bar\Cache\files.ini
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search3
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
    c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
    c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
    c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
    c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
    c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\QuestBrwSearch
    c:\program files\QuestBrwSearch\questbrwsearch.dll
    c:\program files\QuestBrwSearch\questbrwsearch.exe
    c:\program files\QuestBrwSearch\uninstall.exe
    c:\program files\ShopperReports3
    c:\program files\ShopperReports3\bin\3.0.517.0\BRNstIE.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\CmndFF.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\CnTNtcntr.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest
    c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
    c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
    c:\program files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf
    c:\program files\ShopperReports3\bin\3.0.517.0\link.ico
    c:\program files\ShopperReports3\bin\3.0.517.0\moZIllaps.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\Pltfrm.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll
    c:\program files\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\_004763_.tmp.dll
    c:\windows\system32\_004764_.tmp.dll
    c:\windows\system32\_004765_.tmp.dll
    c:\windows\system32\_004766_.tmp.dll
    c:\windows\system32\_004773_.tmp.dll
    c:\windows\system32\_004774_.tmp.dll
    c:\windows\system32\_004775_.tmp.dll
    c:\windows\system32\_004776_.tmp.dll
    c:\windows\system32\_004778_.tmp.dll
    c:\windows\system32\_004779_.tmp.dll
    c:\windows\system32\_004782_.tmp.dll
    c:\windows\system32\_004783_.tmp.dll
    c:\windows\system32\_004785_.tmp.dll
    c:\windows\system32\_004786_.tmp.dll
    c:\windows\system32\_004787_.tmp.dll
    c:\windows\system32\_004789_.tmp.dll
    c:\windows\system32\_004792_.tmp.dll
    c:\windows\system32\_004793_.tmp.dll
    c:\windows\system32\_004797_.tmp.dll
    c:\windows\system32\_004798_.tmp.dll
    c:\windows\system32\_004800_.tmp.dll
    c:\windows\system32\_004803_.tmp.dll
    c:\windows\system32\_004805_.tmp.dll
    c:\windows\system32\_004806_.tmp.dll
    c:\windows\system32\_004808_.tmp.dll
    c:\windows\system32\_004809_.tmp.dll
    c:\windows\system32\_004812_.tmp.dll
    c:\windows\system32\_004813_.tmp.dll
    c:\windows\system32\_004814_.tmp.dll
    c:\windows\system32\_004815_.tmp.dll
    c:\windows\system32\_004816_.tmp.dll
    c:\windows\system32\_004821_.tmp.dll
    c:\windows\system32\_004823_.tmp.dll
    c:\windows\system32\_004824_.tmp.dll
    c:\windows\system32\f3PSSavr.scr
    c:\windows\system32\midas.dll
    G:\install.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Service_MyWebSearchService


    ((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
    .

    2011-01-26 13:34 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97EA4637-2D48-44D7-9969-350A07B0CF2D}\mpengine.dll
    2011-01-26 13:34 . 2011-01-13 09:41 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-01-26 13:34 . 2011-01-26 13:35 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-24 13:36 . 2011-01-24 13:37 -------- d-----w- c:\documents and settings\vule.VANK\Local Settings\Application Data\Temp
    2011-01-24 13:36 . 2011-01-24 13:38 -------- d-----w- c:\documents and settings\vule.VANK\Local Settings\Application Data\Google
    2011-01-24 13:10 . 2011-01-24 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
    2011-01-19 14:51 . 2011-01-19 14:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-01-19 14:51 . 2011-01-19 14:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-01-19 14:51 . 2011-01-19 14:51 112832 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\windows\symbols
    2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-01-19 14:48 . 2011-01-19 14:49 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\program files\Microsoft SDKs
    2011-01-19 14:48 . 2011-01-19 14:48 -------- d-----w- c:\program files\Common Files\Merge Modules
    2011-01-19 13:57 . 2011-01-19 14:01 -------- d-----w- c:\windows\ServicePackFiles
    2011-01-19 13:38 . 2004-08-03 21:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
    2011-01-19 12:39 . 2011-01-19 14:59 -------- d-----w- C:\boost_1_38_0
    2011-01-18 21:45 . 2011-01-19 13:10 -------- d--h--w- c:\windows\$hf_mig$
    2011-01-18 21:37 . 2008-04-14 04:41 16896 ----a-w- c:\windows\system32\SET12F5.tmp
    2011-01-18 21:37 . 2008-04-14 04:41 24576 ----a-w- c:\windows\system32\SET12EF.tmp
    2011-01-18 21:37 . 2008-04-14 04:42 539136 ----a-w- c:\windows\system32\SET12C8.tmp
    2011-01-18 21:37 . 2008-04-14 04:40 177152 ----a-w- c:\windows\system32\SET12CA.tmp
    2011-01-18 21:37 . 2008-04-14 04:42 75776 ----a-w- c:\windows\system32\SET12A3.tmp
    2011-01-18 21:37 . 2008-04-14 04:42 354304 ----a-w- c:\windows\system32\SET1298.tmp
    2011-01-18 21:37 . 2008-04-14 04:42 15872 ----a-w- c:\windows\system32\SET129C.tmp
    2011-01-18 21:37 . 2008-04-14 04:42 80896 ----a-w- c:\windows\system32\SET1293.tmp
    2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\system32\scripting
    2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\l2schemas
    2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\system32\en
    2011-01-18 21:37 . 2011-01-19 14:00 -------- d-----w- c:\windows\system32\bits
    2011-01-18 21:32 . 2008-04-14 04:42 4096 ----a-w- c:\program files\Common Files\System\Ole DB\SET52E.tmp
    2011-01-18 21:31 . 2008-04-14 04:42 6656 ----a-w- c:\windows\system32\SET377.tmp
    2011-01-18 21:30 . 2008-04-14 04:42 52736 ----a-w- c:\windows\system32\SET1EA.tmp
    2011-01-18 21:30 . 2008-04-14 04:42 22528 ----a-w- c:\windows\system32\SET1EE.tmp
    2011-01-18 21:30 . 2008-04-14 04:42 19456 ----a-w- c:\windows\system32\SET1F0.tmp
    2011-01-18 21:30 . 2008-04-14 04:42 18432 ----a-w- c:\windows\system32\SET1EC.tmp
    2011-01-18 21:30 . 2008-04-14 04:42 91648 ----a-w- c:\windows\system32\SET1E8.tmp
    2011-01-18 21:30 . 2008-04-14 04:42 483840 ----a-w- c:\windows\system32\SET1E9.tmp
    2011-01-18 21:29 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003093_.tmp
    2011-01-18 21:26 . 2008-04-13 18:56 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
    2011-01-18 21:26 . 2008-04-13 18:53 264832 ----a-w- c:\windows\system32\drivers\http.sys
    2011-01-18 21:26 . 2008-04-13 18:40 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys
    2011-01-18 21:26 . 2008-04-13 18:40 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2011-01-18 21:26 . 2008-04-13 18:36 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
    2011-01-18 21:26 . 2008-04-13 18:36 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2011-01-18 21:26 . 2008-04-13 18:31 37760 ----a-w- c:\windows\system32\drivers\amdk7.sys
    2011-01-18 21:26 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
    2011-01-17 22:54 . 2011-01-17 23:04 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\CasinoOnNet
    2011-01-17 22:54 . 2011-01-17 22:54 -------- d-----w- c:\program files\CasinoOnNet
    2011-01-11 09:25 . 2011-01-11 09:25 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\XnView
    2011-01-09 22:06 . 2011-01-09 22:06 -------- d-----w- C:\Dev-Cpp
    2011-01-09 20:56 . 2011-01-09 20:56 -------- d-----w- c:\documents and settings\Broj Jedan\Local Settings\Application Data\Identities
    2011-01-08 10:23 . 2010-06-15 17:27 282928 ----a-w- c:\windows\system32\HMIPCore.dll
    2011-01-07 23:34 . 2011-01-09 11:16 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\Hide IP NG
    2011-01-07 23:20 . 2011-01-07 23:20 -------- d-----w- c:\documents and settings\Broj Jedan\WINDOWS
    2011-01-07 17:48 . 2011-01-07 15:34 272896 ----a-w- C:\WC3 Multi Lossbot 1.2 (1).exe
    2011-01-05 20:21 . 2011-01-05 20:21 -------- d-----w- c:\program files\MySQL
    2011-01-04 09:40 . 2011-01-04 09:40 -------- d-----w- c:\documents and settings\vule.VANK\Application Data\Subversion
    2011-01-04 09:39 . 2011-01-25 14:26 -------- d-----w- c:\documents and settings\vule.VANK\Local Settings\Application Data\TSVNCache
    2011-01-03 22:19 . 2011-01-03 22:19 -------- d-----w- c:\documents and settings\Broj Jedan\Local Settings\Application Data\ghost_configurator
    2011-01-03 16:11 . 2011-01-07 23:49 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\GetRightToGo
    2011-01-03 15:55 . 2011-01-26 13:40 -------- d-----w- c:\documents and settings\Broj Jedan\Local Settings\Application Data\TSVNCache
    2011-01-03 15:39 . 2011-01-04 00:14 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\TortoiseSVN
    2011-01-03 15:34 . 2011-01-03 15:34 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\Subversion
    2011-01-03 15:26 . 2011-01-03 15:26 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
    2011-01-03 15:26 . 2011-01-03 15:26 -------- d-----w- c:\program files\TortoiseSVN
    2010-12-31 21:05 . 2011-01-09 22:08 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\Dev-Cpp
    2010-12-31 19:30 . 2010-12-31 19:30 90112 ----a-w- c:\windows\system32\d3x8.dll
    2010-12-30 12:50 . 2010-12-30 12:54 -------- d-----w- c:\documents and settings\Broj Jedan\Application Data\TS3Client
    2010-12-30 12:48 . 2010-12-30 12:50 -------- d-----w- c:\program files\TeamSpeak 3 Client
    2010-12-29 17:15 . 2011-01-03 22:35 -------- d-----w- c:\program files\Garena
    2010-12-27 17:20 . 2010-12-27 17:26 -------- d-----w- c:\program files\Visual Pinball

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 09:41 . 2010-11-13 07:13 5890896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-26 12:24 . 2010-12-26 18:06 44436 ----a-w- C:\amadeus.(1984).scc.1cd.(3819747).zip
    2010-12-26 12:22 . 2010-12-26 18:06 30767 ----a-w- C:\amadeus.(1984).scc.2cd.(28717).zip
    2010-12-26 12:20 . 2010-12-26 18:04 21254 ----a-w- C:\amadeus.(1984).scc.1cd.(3831086).zip
    2010-12-26 12:17 . 2010-12-26 18:04 15611 ----a-w- C:\amadeus.(1984).scc.1cd.(3831349).zip
    2010-11-12 15:54 . 2010-11-12 15:54 592 ----a-w- c:\windows\chgkey.vbs
    2010-11-12 13:43 . 2010-11-12 13:43 1057 ----a-w- C:\xplicense.reg
    2010-11-10 18:03 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-03-30 09:16 . 2010-04-30 12:07 1107336 ----a-w- c:\program files\hamachi-2.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81f0e13c-8923-41e5-a021-a4c58c6f8630}"= "c:\program files\Eurobattle.net\tbEuro.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 14:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C14512B-4088-384C-1732-5E3C3BEE2BC4}]
    2004-08-12 04:00 221184 ----a-w- c:\windows\system32\mqsecc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]
    2010-11-29 14:26 3908192 ----a-w- c:\program files\Eurobattle.net\tbEuro.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{81f0e13c-8923-41e5-a021-a4c58c6f8630}"= "c:\program files\Eurobattle.net\tbEuro.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{81F0E13C-8923-41E5-A021-A4C58C6F8630}"= "c:\program files\Eurobattle.net\tbEuro.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{81f0e13c-8923-41e5-a021-a4c58c6f8630}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_133046]
    2005-06-03 17:30 301776 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_235593]
    2005-06-03 17:30 301776 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_9495671]
    2005-06-03 17:30 301776 ----a-w- c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 13:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2005-04-15 03:01 77824 ----a-w- c:\windows\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ose"=3 (0x3)
    "TunngleService"=2 (0x2)
    "InterBaseServer"=3 (0x3)
    "InterBaseGuardian"=2 (0x2)
    "ResultBar Service"=2 (0x2)
    "idsvc"=3 (0x3)
    "gupdate"=2 (0x2)
    "wuauserv"=3 (0x3)
    "pvpgn"=3 (0x3)
    "MySQL"=2 (0x2)
    "d2dbs"=2 (0x2)
    "d2cs"=2 (0x2)
    "Apache2.2"=2 (0x2)
    "QuestBrowse Service"=2 (0x2)
    "MyWebSearchService"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
    "c:\\Program Files\\Tunngle\\Tunngle.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\bejeweled twist\\BejeweledTwist.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Program Files\\Steam\\Steam.exe"=

    R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [6/9/2010 6:26 PM 6369]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp --> c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp [?]
    S3 GGSAFERDriver;GGSAFER Driver;e:\program files\Garena\plugins\UI\safedrv.sys [10/25/2010 1:56 PM 22112]
    S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [6/30/2005 1:35 AM 166720]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [4/14/2010 1:00 PM 27136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 Apache2.2;Apache2.2;c:\vule ser\xampplite\apache\bin\httpd.exe [12/11/2010 2:41 PM 29416]
    S4 d2cs;d2cs service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2csConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2csConsole.exe --service [?]
    S4 d2dbs;d2dbs service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2dbsConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2dbsConsole.exe --service [?]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2010 6:25 PM 136176]
    S4 pvpgn;PvPGN service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\PvPGNConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\PvPGNConsole.exe --service [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/22/2010 3:41 PM 691696]
    S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [4/14/2010 1:00 PM 716024]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-329068152-725345543-1006Core.job
    - c:\documents and settings\vule.VANK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 17:25]

    2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-329068152-725345543-1006UA.job
    - c:\documents and settings\vule.VANK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-24 17:25]

    2010-11-16 c:\windows\Tasks\Install_NSS.job
    - c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]

    2011-01-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

    2011-01-26 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/webhp
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    Trusted Zone: chesscube.com\www
    Trusted Zone: raiffeisenbank.rs\rol
    DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
    MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
    MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSA.exe
    MSConfigStartUp-HBLiteSA - c:\program files\HBLite\bin\11.0.264.0\HBLiteSA.exe
    MSConfigStartUp-mspaint - c:\windows\system32\Paint.exe
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    AddRemove-Counter Strike 1.8 Goiceasoft v 1.8 - e:\program files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\Uninstall.exe
    AddRemove-One - c:\documents and settings\Broj Jedan\Desktop\GProxyOne\One_14903.exe
    AddRemove-QuestBrowse - c:\program files\QuestBrwSearch\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-26 14:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(592)
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'explorer.exe'(3896)
    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    c:\program files\TortoiseSVN\bin\TortoiseStub.dll
    c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
    c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-26 15:02:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-26 14:02
    ComboFix2.txt 2010-08-27 19:57

    Pre-Run: 3,845,910,528 bytes free
    Post-Run: 4,406,587,392 bytes free

    Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
    - - End Of File - - 80E2F37024F1D98BCA57F18DF832E85C
     
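One thing worth pulling out of the ComboFix service list above is how the entries differ: most drivers and services point into c:\windows or Program Files and carry a date and size, while GarenaPEngine loads from a .tmp file under the user's Temp folder and the pvpgn services run out of My Documents\Downloads, and those entries end in [?] instead of file metadata. The script below is an added example for this thread (not ComboFix's own code) that parses the service lines in the format shown in the log and flags image paths in user-writable locations. The line format, and the reading of a trailing [?] as "no date/size available", are inferred from the log above; the sample lines are copied from it. A flag means "look at this", not "malware": Garena is installed on this machine (see the GGSAFERDriver entry under e:\program files\Garena), and its client is what drops that driver into Temp.

```python
"""Triage ComboFix service entries: flag binaries that live in user-writable
locations (Temp, Downloads, Desktop, profile dirs) and entries ComboFix could
not stat.  Example code written for this thread, not part of ComboFix."""
import re
from dataclasses import dataclass

# Service lines look like:  <state> <name>;<display name>;<image spec> [<date> <size>]
# <state> is R (running) or S (stopped) followed by the start-type digit.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<spec>.+)$")
# First drive-rooted path ending in an executable-ish extension; arguments follow it.
IMAGE_RE = re.compile(r"(?P<path>[a-z]:\\.*?\.(?:sys|exe|dll|tmp|scr|com|bat|cmd))(?=\s|$)", re.I)
# Directories an unprivileged user can write to (lowercase; 8.3 short forms included).
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\desktop\\", "\\local settings\\",
                 "\\application data\\", "\\my documents\\", "\\appdata\\", "\\users\\",
                 "\\locals~1\\", "\\mydocu~1\\")

# Lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [6/9/2010 6:26 PM 6369]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp --> c:\docume~1\BROJJE~1\LOCALS~1\Temp\BST8.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;e:\program files\Garena\plugins\UI\safedrv.sys [10/25/2010 1:56 PM 22112]
S4 d2cs;d2cs service;c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2csConsole.exe --service --> c:\documents and settings\Broj Jedan\My Documents\Downloads\pvpgn-1.8.5\d2csConsole.exe --service [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2010 6:25 PM 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/22/2010 3:41 PM 691696]
"""


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    image: str          # normalised (lowercase) image path, "" if none could be extracted
    has_metadata: bool  # False when ComboFix printed [?] instead of a date and size
    flags: tuple        # review reasons, empty for unremarkable entries


def parse_service_line(line):
    """Parse one ComboFix service line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    spec = m.group("spec")
    # ComboFix echoes specs it had to resolve as "<raw> --> <resolved>"; use the resolved side.
    if "-->" in spec:
        spec = spec.split("-->", 1)[1]
    spec = spec.strip().replace("\\??\\", "")   # drop the NT object-path prefix
    has_metadata = not spec.endswith("[?]")
    im = IMAGE_RE.search(spec)
    image = im.group("path").lower() if im else ""
    flags = []
    if image and any(marker in image for marker in USER_WRITABLE):
        flags.append("user-writable-location")
    if image.endswith(".tmp"):
        flags.append("tmp-extension")
    if not has_metadata:
        flags.append("no-file-metadata")
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                        image, has_metadata, tuple(flags))


def triage(log_text):
    """Return (all parsed entries, entries carrying at least one flag)."""
    entries = [e for e in (parse_service_line(l) for l in log_text.splitlines()) if e]
    return entries, [e for e in entries if e.flags]


if __name__ == "__main__":
    _, flagged = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.state} {e.name:<16} {e.image}  <- {', '.join(e.flags)}")
```

Run against the sample it lists GarenaPEngine (Temp, .tmp, no metadata) and d2cs (Downloads, no metadata); everything under c:\windows and Program Files passes. The same markers work on the Scheduled Tasks and MSConfigStartUp sections if you extract their paths first.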
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya, run the following scans please:-

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next,

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [IMG] icon on your desktop.
    • Check [IMG]
    • Click the [IMG] button.
    • Accept any security warnings from your browser.
    • Check [IMG]
    • Leave the tick out of "Remove found threats".
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [IMG]
    • Push [IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [IMG] button.
    • Push [IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available here. Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    Post the two logs in your reply; also give an update on the system and any remaining issues.

    Kevin
     
  12. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5610

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/26/2011 8:30:59 PM
    mbam-log-2011-01-26 (20-30-59).txt

    Scan type: Quick scan
    Objects scanned: 218967
    Time elapsed: 6 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 24
    Registry Values Infected: 3
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (ShopperReports) -> Value: [email protected] -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\[email protected] (Adware.ClickPotato) -> Value: [email protected] -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\system32\mqsecc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\broj jedan\my documents\downloads\smileycentralpfsetup2.3.76.6.znman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\documents and settings\broj jedan\my documents\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\documents and settings\jeremija.vank\my documents\downloads\warcraft3keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\jeremija.vank\my documents\downloads\fdd.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\compp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     
  13. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    And about ESET: it will finish in 12h, since I have 100 GB.
    For now, 1 infected.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, just post the log when the scan is finished. If for any reason you don't get the log, it can be found here:-
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    We are definitely making progress.
     
  15. kingW3

    kingW3 Thread Starter

    Joined:
    Nov 16, 2010
    Messages:
    64
    At last. It took 6 hours.

    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSAAX.dll.vir a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteUninstaller.exe.vir a variant of Win32/Adware.HotBar.E application deleted - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\QuestBrwSearch\questbrwsearch.dll.vir a variant of Win32/Adware.OneStep.V application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\QuestBrwSearch\questbrwsearch.exe.vir a variant of Win32/Adware.OneStep.T application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\CmndFF.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\Pltfrm.dll.vir a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll.vir Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079666.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079669.exe a variant of Win32/Adware.HotBar.E application deleted - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079672.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079673.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079674.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079675.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079676.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079677.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079678.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079679.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079680.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079681.DLL Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079682.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079683.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079684.EXE Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079687.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079688.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079690.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079692.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079694.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079695.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079696.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079698.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079699.EXE Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079700.EXE Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079701.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079702.DLL a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079703.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079704.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079705.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079706.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079707.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079708.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079709.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079710.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079722.dll a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079728.dll a variant of Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079729.dll Win32/Adware.Toolbar.Shopper.AC application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079765.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP234\A0080080.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP234\A0080081.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    D:\Windows\System32\maapistub.dll a variant of Win32/Agent.SDP trojan cleaned by deleting - quarantined
    E:\Documents and Settings\Jeremija\My Documents\Downloads\Setup.exe probably a variant of Win32/Agent.LYWELHD trojan deleted - quarantined
    F:\Nero6\Nero-6.6.1.15.exe Win32/Toolbar.AskSBar application deleted - quarantined
     
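Reading the MBAM and ESET results above together: the MBAM quick scan hit live components (the BHO under {7C14512B-...}, mqsecc.dll and compp.exe in system32, and the three Security Center notification policies flipped to 1), while the bulk of the ESET list is not live at all. Most of its lines sit under C:\Qoobox\Quarantine (ComboFix's quarantine, with a .vir suffix) or in System Restore snapshots under System Volume Information, so they are copies ComboFix or MBAM had already pulled out of their original locations. The remaining live ESET hits are the two MyWebSearch DLLs dropped into the Windows Live Messenger folder, maapistub.dll on D:, a downloaded Setup.exe on E: and an Ask-toolbar-bundled Nero installer on F:. The script below is an added example for this thread (not Malwarebytes' or ESET's code) that parses both log formats as they appear above and splits detections by location, so a long scanner log can be read as "what is still active" versus "what is residue". Both line formats are inferred from the posted logs; the sample lines are copied from them.

```python
"""Triage detection lines from the Malwarebytes (MBAM) and ESET Online Scanner
logs posted above: separate live hits from leftovers in ComboFix's quarantine
and System Restore points.  Added example for this thread, not vendor code."""
import re
from collections import Counter
from dataclasses import dataclass

# MBAM:  <path or registry key> (<family>) -> [Value: x ->|Bad: (1) Good: (0) ->] <action>.
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# ESET:  <path> [probably ][a variant of ]<Platform/Name> <application|trojan> <action>
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?\w+/[\w.]+)\s+"
    r"(?P<kind>application|trojan)\s+(?P<action>.+)$")

# Lines copied from the two logs in this thread.
MBAM_SAMPLE = r"""
HKEY_CLASSES_ROOT\CLSID\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C14512B-4088-384C-1732-5E3C3BEE2BC4} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mqsecc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jeremija.vank\my documents\downloads\warcraft3keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\compp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""
ESET_SAMPLE = r"""
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\ClickPotatoLite\bin\10.0.646.0\ClickPotatoLiteSAAX.dll.vir a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{CA7C3DDE-650B-4EF6-AFFD-7EC4E890EC09}\RP230\A0079666.dll a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
D:\Windows\System32\maapistub.dll a variant of Win32/Agent.SDP trojan cleaned by deleting - quarantined
E:\Documents and Settings\Jeremija\My Documents\Downloads\Setup.exe probably a variant of Win32/Agent.LYWELHD trojan deleted - quarantined
F:\Nero6\Nero-6.6.1.15.exe Win32/Toolbar.AskSBar application deleted - quarantined
"""


@dataclass(frozen=True)
class Detection:
    scanner: str    # "mbam" or "eset"
    item: str       # file path or registry key/value as printed
    family: str     # vendor detection string
    location: str   # "active", "combofix-quarantine" or "restore-point"
    action: str


def classify_location(item):
    """Where the detected object lived: a live path, ComboFix's quarantine, or a restore point."""
    p = item.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix-quarantine"   # copy ComboFix already moved out of its live path
    if "\\system volume information\\_restore" in p:
        return "restore-point"         # System Restore snapshot, not a running component
    return "active"


def parse_line(line):
    """Parse one MBAM or ESET detection line; return None for anything else."""
    line = line.strip()
    m = ESET_RE.match(line)
    if m:
        return Detection("eset", m.group("path"), m.group("detection"),
                         classify_location(m.group("path")), m.group("action"))
    m = MBAM_RE.match(line)
    if m:
        action = m.group("rest").split("->")[-1].strip().rstrip(".")
        return Detection("mbam", m.group("item"), m.group("family"),
                         classify_location(m.group("item")), action)
    return None


def triage(*logs):
    """Return (all detections, count per (scanner, location), family count among live hits)."""
    hits = [d for log in logs for d in map(parse_line, log.splitlines()) if d]
    by_location = Counter((d.scanner, d.location) for d in hits)
    active_families = Counter(d.family for d in hits if d.location == "active")
    return hits, by_location, active_families


if __name__ == "__main__":
    hits, by_location, active_families = triage(MBAM_SAMPLE, ESET_SAMPLE)
    for key, n in sorted(by_location.items()):
        print(f"{key[0]:<5} {key[1]:<20} {n}")
    print("live families:", dict(active_families))
```

On the full ESET log above the same split puts well over half the lines into the quarantine and restore-point buckets; those are cleaned by purging ComboFix's Qoobox folder and old restore points, not by hunting for a running process. The MBAM PUM entries are worth a second look on their own: AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify set to 1 silence the Security Center warnings, which is exactly what an infection wants while it disables protection.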
Short URL to this thread: https://techguy.org/976092