AdWare

GameMaster

New Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:49, on 9.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Program Files\NudgeMania\NudgeMania.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYHR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B23C1243-55FD-4AF8-BE5C-FF48B9502C27}: NameServer = 195.29.149.196 195.29.149.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{E572B41A-37EA-46D3-A9F7-F5C90BEF089B}: NameServer = 195.29.150.3,195.29.150.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6816 bytes

Ok where is an AdWare here people? I thought I saw a few not one. Help!
 
Yeah you do have a few nasties...

Download and Run ComboFix
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please post in your next reply:
  • The combofix log
  • A fresh HijackThis log
 
In fact I think I may have some problems, but I didn't find anything on my HijackThis Log so I put it here. My Nod32 didn't find anything as well, but my computer is slower in some moments.
 
I posted a fix right after my other post
 
damn this is too big!!

ComboFix 07-12-09.1 - Toni 2007-12-10 14:38:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.617 [GMT -8:00]
Running from: C:\Documents and Settings\Toni\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\007A9EFD.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\007A827C
C:\Program Files\MyWebSearch\bar\Cache\007A8C50
C:\Program Files\MyWebSearch\bar\Cache\007A8E44.bin
C:\Program Files\MyWebSearch\bar\Cache\007A919F.bin
C:\Program Files\MyWebSearch\bar\Cache\007AA026.bin
C:\Program Files\MyWebSearch\bar\Cache\007AA3D0.bin
C:\Program Files\MyWebSearch\bar\Cache\007AEB49.bin
C:\Program Files\MyWebSearch\bar\Cache\007AED4C.bin
C:\Program Files\MyWebSearch\bar\Cache\007AEFCD.bin
C:\Program Files\MyWebSearch\bar\Cache\007AF173.bin
C:\Program Files\MyWebSearch\bar\Cache\007AF357.bin
C:\Program Files\MyWebSearch\bar\Cache\009DD267.bin
C:\Program Files\MyWebSearch\bar\Cache\009DD4F7.bin
C:\Program Files\MyWebSearch\bar\Cache\009DD73A.bin
C:\Program Files\MyWebSearch\bar\Cache\0139DCFF
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\f3PSSavr.scr
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 13:17 . 2007-12-10 13:17 30,600 --a------ C:\WINDOWS\EWhiteu12.dat
2007-12-10 13:17 . 2007-12-10 13:17 30,600 --a------ C:\WINDOWS\EDarku12.dat
2007-12-10 13:17 . 2007-12-10 13:17 6 --a------ C:\WINDOWS\EExpou.dat
2007-12-10 13:17 . 2007-12-10 13:17 4 --a------ C:\WINDOWS\AErroru3.dat
2007-12-10 13:17 . 2007-12-10 13:17 1 --a------ C:\WINDOWS\EOffsetu.dat
2007-12-10 13:12 . 2007-12-10 13:12 <DIR> d-------- C:\Program Files\ArtecUSB
2007-12-10 13:05 . 2007-12-10 13:05 <DIR> d-------- C:\Documents and Settings\Toni\Application Data\Uniblue
2007-12-09 11:58 . 2007-12-09 11:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-09 11:12 . 2007-12-09 11:12 <DIR> d-------- C:\WINDOWS\Sun
2007-12-09 10:51 . 2007-12-09 10:51 <DIR> d-------- C:\Documents and Settings\Toni\Application Data\skypePM
2007-12-09 10:51 . 2007-12-09 10:51 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-09 10:49 . 2007-12-09 10:49 <DIR> d-------- C:\Program Files\Skype
2007-12-09 10:49 . 2007-12-09 10:49 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-09 10:49 . 2007-12-09 14:57 <DIR> d-------- C:\Documents and Settings\Toni\Application Data\Skype
2007-12-09 10:49 . 2007-12-09 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-08 13:07 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-08 13:07 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-08 13:06 . 2007-12-08 13:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-08 13:06 . 2007-12-08 13:08 <DIR> d-------- C:\Program Files\D-Tools
2007-12-08 12:35 . 2007-12-08 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 10:59 . 2007-12-04 10:59 <DIR> d-------- C:\Documents and Settings\Toni\System
2007-12-04 10:59 . 2007-12-04 11:03 <DIR> d-------- C:\Documents and Settings\Toni\Application Data\SmartDraw
2007-12-04 10:54 . 2007-12-04 10:59 <DIR> d-------- C:\Program Files\SmartDraw 2008
2007-12-03 12:33 . 2007-12-03 12:33 <DIR> d-------- C:\Program Files\Real
2007-12-03 12:33 . 2007-12-03 12:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-03 12:33 . 2007-12-03 12:33 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-03 12:33 . 2007-12-03 12:33 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-03 12:33 . 2007-12-03 12:33 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-29 14:54 . 2007-11-29 14:54 <DIR> d-------- C:\FPC
2007-11-28 15:04 . 2004-01-14 03:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-11-28 14:55 . 2007-11-28 14:55 0 --a------ C:\WINDOWS\OpPrintServer.INI
2007-11-28 14:54 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2007-11-28 14:54 . 2004-03-11 18:06 86,016 -ra------ C:\WINDOWS\system32\CNMCP5y.exe
2007-11-28 14:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-28 14:54 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-28 14:54 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2007-11-28 14:53 . 2007-11-28 14:53 <DIR> d-------- C:\WINDOWS\StartHtmico
2007-11-28 14:53 . 2007-11-28 14:53 <DIR> d-------- C:\WINDOWS\IP1500
2007-11-28 14:53 . 2007-11-28 15:04 <DIR> d-------- C:\Program Files\Canon
2007-11-28 13:01 . 2007-11-28 13:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-27 23:54 . 2007-11-27 23:54 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-27 23:53 . 2007-11-27 23:53 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-27 17:05 . 2007-11-27 17:08 <DIR> d-------- C:\Program Files\Bit Lord 1.1
2007-11-27 16:22 . 2007-11-27 16:22 <DIR> d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-11-27 14:50 . 2007-11-27 14:50 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2007-11-27 13:21 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-27 13:21 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-27 13:21 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-27 13:21 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-27 13:21 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-27 13:21 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-27 13:21 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-27 13:21 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-27 13:21 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-27 13:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-27 13:10 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-27 13:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-27 13:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-27 13:10 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-27 13:10 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-26 23:27 . 2007-11-26 23:27 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-11-26 23:00 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-26 22:59 . 2007-11-26 22:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-26 22:59 . 2007-11-26 22:59 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-26 22:58 . 2007-11-26 22:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-26 22:54 . 2007-11-26 23:27 376 --a------ C:\WINDOWS\ODBC.INI
2007-11-26 22:53 . 2007-11-26 22:53 <DIR> dr-h----- C:\MSOCache
2007-11-26 22:41 . 2007-12-09 15:17 <DIR> d-------- C:\Documents and Settings\Toni\Shared
2007-11-26 22:41 . 2007-12-09 15:18 <DIR> d-------- C:\Documents and Settings\Toni\Incomplete
2007-11-26 22:41 . 2007-12-06 12:28 <DIR> d-------- C:\Documents and Settings\Toni\Application Data\LimeWire
2007-11-26 22:39 . 2007-11-28 23:09 <DIR> d-------- C:\Program Files\Java
2007-11-26 22:39 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-26 22:38 . 2007-11-26 22:38 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-26 22:37 . 2007-11-26 22:39 <DIR> d-------- C:\Program Files\LimeWire
2007-11-26 22:09 . 2007-11-26 22:09 <DIR> d-------- C:\Documents and Settings\Toni\Contacts
2007-11-26 22:08 . 2007-11-26 22:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-26 22:08 . 2007-12-09 17:10 <DIR> d-------- C:\Program Files\MSN Messenger
2007-11-26 21:35 . 2007-11-26 21:35 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-26 21:32 . 2007-12-09 18:25 <DIR> d-------- C:\Program Files\ArtMoney
2007-11-26 21:30 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-26 20:04 . 2007-11-26 20:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-26 20:04 . 2007-11-26 20:04 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-11-26 20:04 . 2007-11-26 20:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-26 19:57 . 2007-11-26 19:57 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-11-26 19:57 . 2007-11-26 19:57 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-26 19:57 . 2007-11-26 19:57 <DIR> d-------- C:\Program Files\AvRack
2007-11-26 19:57 . 2005-08-17 02:21 10,458,112 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2007-11-26 19:57 . 2005-08-12 02:40 307,200 -r------- C:\WINDOWS\alcupd.exe
2007-11-26 19:57 . 2005-08-12 01:35 212,992 -r------- C:\WINDOWS\alcrmv.exe
2007-11-26 19:57 . 2004-09-06 22:23 156,672 -ra------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-11-26 19:57 . 2005-08-17 02:39 90,112 -ra------ C:\WINDOWS\SET33.tmp
2007-11-26 19:57 . 2005-07-15 00:48 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-11-26 19:57 . 2001-07-05 08:19 164 -r------- C:\WINDOWS\avrack.ini
2007-11-26 19:55 . 2007-12-10 13:12 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-26 19:55 . 2007-11-26 19:56 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-11-26 19:55 . 2005-04-27 09:15 35,587 --------- C:\WINDOWS\system32\rmlan.exe
2007-11-26 19:55 . 2005-04-27 09:15 34,307 --------- C:\WINDOWS\system32\drivers\Install.EXE
2007-11-26 19:55 . 2005-04-06 16:54 28,672 --------- C:\WINDOWS\system32\UnLAN.exe
2007-11-26 19:55 . 2005-03-22 20:36 28,672 --a------ C:\WINDOWS\system32\drivers\ULILAN51.SYS
2007-11-26 19:55 . 2005-03-22 13:05 10,091 --------- C:\WINDOWS\system32\drivers\NETULi.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 01:20 --------- d-----w C:\Program Files\T-Com ADSL driver
2007-11-27 01:19 --------- d-----w C:\Program Files\T-Com MAXadsl CD-ROM
2007-11-27 01:05 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-27 01:02 --------- d-----w C:\Program Files\Windows Media Connect 2
2003-04-17 08:16 447,616 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-04-17 08:15 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-04-17 08:15 147,200 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 02:39 C:\WINDOWS\soundman.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-26 20:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 12:33]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 17:56]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ScanPanel.lnk - C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe [2007-12-10 13:12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
S3 PV8630;USB Flatbed Scanner Driver;C:\WINDOWS\system32\DRIVERS\A1236.sys
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe"

.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 22:41:26 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Toni\LOCALS~1\Temp\jjhueqtk6BAEAC9.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 14:41:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 14:42:22 - machine was rebooted
.
--- E O F ---

Now the HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:12, on 10.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYHR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B23C1243-55FD-4AF8-BE5C-FF48B9502C27}: NameServer = 195.29.149.196 195.29.149.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{E572B41A-37EA-46D3-A9F7-F5C90BEF089B}: NameServer = 195.29.150.3,195.29.150.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6045 bytes
 
Lol so that shit is freezing my precious IE 7.0 every day?? Damn it!!
Never heard of that shit before, I mean what's the point in that tiny small little shit that freezes your Internet???????
I only like nasty, tasty, big, harmful viruses mmm;)
 
Yeah where?

Let's focus on one problem at a time... If you want to do it yourself go ahead...
 
Yep I removed it :P It's all fine now I guess. I found some 196 tracking cookies but I'm sure that's not harmful is it? I mean what can they do: Slow my comp a bit and send information about my browser wow big deal. Anyway, Adaware seemed to clean only 126 and other 70 are alive lol...
Thank you web, hey btw cool site, you should really get more people on it somehow. In fact I may have a second case ;)
 
Yep, here you go...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:58, on 11.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Bit Lord 1.1\BitLord.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm414YYHR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B23C1243-55FD-4AF8-BE5C-FF48B9502C27}: NameServer = 195.29.149.196 195.29.149.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{E572B41A-37EA-46D3-A9F7-F5C90BEF089B}: NameServer = 195.29.150.3,195.29.150.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6248 bytes
 
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxdm414YYHR

Lol, the thing is every time I run Adaware I find 3 new cookies, and I delete them and it's all fine... anyway I'm changing browser in 3 days after I finish some work on this one, my next will be the new Opera I guess...
 