Computer Juice > Computer Software > Virus, Spyware & Security
Smitfraud-c.msvps

#81
29th Jan 2008, 19:49
Donor Group
Smitfraud-c.msvps

main.txt continued


--
End of file - 10878 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\tatjan~1\locals~1\temp\catchme.sys (file missing)
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys <Not Verified; (c)NOWCOM; Nowcom Memory Defender>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 wacommousefilter (Wacom Mouse Filter Driver) - c:\windows\system32\drivers\wacommousefilter.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 AdobeActiveFileMonitor4.0 (Adobe Active File Monitor V4) - c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CIFPLogAggregator - c:\program files\cifpfiltering\cifplogaggregator.exe <Not Verified; ; CIFPLogAggregator Module>
R2 CyclopeInternetFilter - c:\program files\cifpfiltering\filterservice.exe
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\AA00003D4C01
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\AA00003D4C01
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-01-29 21:36:00 498 --a------ C:\WINDOWS\Tasks\McAfee.com Update Check (DCW9RX51-Tatjana Blazevic).job
2008-01-26 03:00:00 416 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DCW9RX51-Tatjana Blazevic).job
2008-01-23 23:20:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-29 21:24:17 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-01-29 21:03:36 0 d-------- C:\WINDOWS\ERUNT
2008-01-29 20:30:33 0 d-------- C:\Documents and Settings\Tatjana Blazevic\Application Data\Malwarebytes
2008-01-29 17:31:01 0 d-------- C:\Program Files\Common Files\Java
2008-01-29 14:41:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-29 14:41:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-29 14:17:35 0 d-------- C:\Program Files\CleanUp!2
2008-01-29 14:06:59 0 d-------- C:\cmdcons
2008-01-29 11:38:19 0 d-------- C:\Documents and Settings\Tatjana Blazevic\DoctorWeb
2008-01-29 01:42:45 0 dr-h----- C:\Documents and Settings\Tatjana Blazevic\Recent
2008-01-29 01:39:47 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-31 00:04:18 0 d-------- C:\Documents and Settings\Tatjana Blazevic\Application Data\SiteAdvisor
2007-12-31 00:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-30 23:45:54 0 d-------- C:\Documents and Settings\Tatjana Blazevic\Application Data\Talkback


-- Find3M Report ---------------------------------------------------------------

2008-01-29 21:32:10 14219 --a------ C:\WINDOWS\system32\tablet.dat
2008-01-29 21:24:51 3226 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-29 18:23:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 17:51:03 0 d-------- C:\Program Files\Java
2008-01-29 17:31:01 0 d-------- C:\Program Files\Common Files
2008-01-19 12:31:47 0 d-------- C:\Documents and Settings\Tatjana Blazevic\Application Data\Intuit
2008-01-19 12:26:29 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-19 12:26:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-19 12:10:12 0 d-------- C:\Program Files\TurboTax
2008-01-07 00:29:08 0 d-------- C:\Program Files\iTunes
2008-01-07 00:28:54 0 d-------- C:\Program Files\iPod
2008-01-07 00:27:47 0 d-------- C:\Program Files\QuickTime
2007-12-24 16:14:30 0 d-------- C:\Documents and Settings\Tatjana Blazevic\Application Data\Canon
2007-11-29 19:31:07 0 d-------- C:\Program Files\Linksys EasyLink Advisor


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [03/23/2004 12:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 12:52 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 08:12 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"P17Helper"="P17.dll" [06/10/2004 11:51 AM C:\WINDOWS\SYSTEM32\P17.dll]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 08:15 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 06:19 PM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 01:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 01:05 AM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [12/09/2003 02:02 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 05:02 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [09/09/2005 12:18 AM]
"ClubBox"="" []
"EPSON Stylus Photo R340 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.exe" [04/26/2005 03:00 AM]
"avast!"="C:\PROGRA~1\AVAST4~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [08/15/2005 03:24 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 01:06 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 06:16 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 03:46 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [10/28/2004 7:43:18 PM]
DESKTOP.INI [8/10/2004 1:04:12 PM]
TabUserW.exe.lnk - C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe [9/4/2007 10:10:02 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{534b146a-a3bb-11d9-828e-00038a000015}]
AutoRun\command- L:\JDSecure\Windows\JDSecure31.exe




-- End of Deckard's System Scanner: finished at 2008-01-29 21:39:37 ------------
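The kind of first-pass triage a helper does by eye on a DSS log like the one above, written out as a small parser. This is an added example, not part of the original post and not code from Deckard's System Scanner; the sample log lines are constructed from entries in this post, and `triage_dss` is a hypothetical name. It flags driver/service entries marked "Not Verified" or "(file missing)", Run values with an empty command, and any AutoRun command stored under a MountPoints2 volume key.

```python
import re

# Constructed sample in the shape of the DSS log above: Drivers block, then part of Registry Dump.
SAMPLE_LOG = r"""-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
S3 catchme - c:\docume~1\tatjan~1\locals~1\temp\catchme.sys (file missing)
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 01:05 AM]
"ClubBox"="" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{534b146a-a3bb-11d9-828e-00038a000015}]
AutoRun\command- L:\JDSecure\Windows\JDSecure31.exe
"""

# Driver/service line: "R2 Name (Description) - c:\path\file.sys <Not Verified; Vendor; Product>"
ENTRY_RE = re.compile(r'^([RS][0-4]) (.+?)(?: \([^)]*\))? - (.+?)(?: <([^>]*)>)?$')
# Registry value line: "name"="command" [timestamp]
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"')

def triage_dss(log):
    """Return (tag, detail) pairs for DSS entries that deserve a second look."""
    findings, section, key = [], None, ''
    for line in log.splitlines():
        if line.startswith('-- '):                        # "-- Drivers: ..." section header
            section = line[3:].split(':')[0].split(' --')[0]
        elif section in ('Drivers', 'Services'):
            missing = line.endswith(' (file missing)')
            m = ENTRY_RE.match(line[:-15] if missing else line)
            if not m:
                continue
            start, name, path, sig = m.groups()
            if missing:                                   # registered but file gone: leftover or hidden
                findings.append(('orphan', f'{section} {name} -> {path}'))
            elif sig and sig.startswith('Not Verified'):  # binary carries no trusted signature
                findings.append(('unverified', f'{section} {name} ({start}) -> {path}'))
        elif section == 'Registry Dump':
            if line.startswith('['):                      # new key: remember it, lower-cased
                key = line.strip('[]').lower()
            elif key.endswith(r'\run') and (m := VALUE_RE.match(line)) and not m.group(2):
                findings.append(('empty-run-value', m.group(1)))       # autostart with no command
            elif r'\mountpoints2\{' in key and line.lower().startswith(r'autorun\command'):
                findings.append(('autorun', line.split('- ', 1)[1]))   # per-volume autorun command
    return findings

if __name__ == '__main__':
    for tag, detail in triage_dss(SAMPLE_LOG):
        print(f'[{tag}] {detail}')
```

Entries without a `<...>` block are left alone on purpose: DSS prints no block for some entries and the script only acts on what the log states explicitly.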
#82
29th Jan 2008, 20:07
Moderator Group
Smitfraud-c.msvps

Delete everything in bold.

C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip

----------

Add/remove programs and uninstall Viewpoint Media Player

----------

I am not seeing anything malware related. Let's do another scan that will look for rootkits as well as malware.

First, let's get rid of the other tools we don't need.

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

----------

Please run the F-Secure Online Scanner

Note: This Scanner works with Internet Explorer Only!
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
    • If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
  • This scan can take quite some time, so please be patient

----------

Next post
F-Secure log

#83
29th Jan 2008, 20:16
Donor Group
Smitfraud-c.msvps

Couldn't find C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
There was only jre1.6.0_04
#84
29th Jan 2008, 20:19
Moderator Group
Smitfraud-c.msvps

OK, it is probably from a leftover showing in the DSS log.

No problem.

#85
29th Jan 2008, 21:13
Donor Group
Smitfraud-c.msvps

It's still scanning--I don't know how long it's gonna take--if you don't hear from me I fell asleep hehe--I'll try not to though :)
#86
29th Jan 2008, 21:14
Moderator Group
Smitfraud-c.msvps

No worries, it will take a while. You may not hear from me until tomorrow.

#87
29th Jan 2008, 21:52
Donor Group
Smitfraud-c.msvps

Scanning Report

Tuesday, January 29, 2008 22:37:33 - 23:46:41

Computer name: DCW9RX51
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ P:\ V:\ Z:\

Result: 1 malware found

Win32.TrojanClick.Spywad.b (spyware)
  • System (Disinfected)
Statistics

Scanned:
  • Files: 46250
  • System: 4836
  • Not scanned: 4
Actions:
  • Disinfected: 1
  • Renamed: 0
  • Deleted: 0
  • None: 0
  • Submitted: 0
Files not scanned:
  • C:\HIBERFIL.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{FFE45E0E-754D-447C-9374-8D733F862174}.BIN
  • P:\PAGEFILE.SYS
Options

Scanning engines:
  • F-Secure Libra: 2.4.2, 2008-01-29
  • F-Secure AVP: 7.0.171, 2008-01-29
  • F-Secure Orion: 1.2.37, 2008-01-29
  • F-Secure Blacklight: 1.0.64
  • F-Secure Draco: 1.0.35, 0597-150-72
  • F-Secure Pegasus: 1.19.0, 2008-00-28
Scanning options:
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXJPG SWF
  • Use Advanced heuristics
#88
29th Jan 2008, 22:08
Moderator Group
Smitfraud-c.msvps

Download roguescanfix_setup.
http://users.telenet.be/Beamerke/too...nfix_setup.exe
Double-click roguescanfix_setup to install it. After the installation, you will be prompted whether you would like to run roguescanfix now. Click "YES" to start the tool.
Note: This tool needs an internet connection because it downloads an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
In case you get the message BFU.exe is not present, download
BFU.zip from here: http://www.merijn.org/files/bfu.zip
Unzip it and place BFU.exe in the c:\program files\roguescanfix folder. Then double-click Roguescanfix.bat again.
The tool will uninstall some programs and delete related files and registry keys.
If some files don't get deleted, it will ask you to reboot your system to delete the files after reboot.

Please make sure the uninstall of the programs is finished before you click Yes to reboot.

A text file will open. Place the contents of that file in your next reply, along with a new HijackThis logfile.
(The textfile can also be found at c:\program files\roguescanfix\task.txt)

#89
30th Jan 2008, 09:37
Donor Group
Smitfraud-c.msvps

here is the log
Attached file: task.txt (316 Bytes)
#90
30th Jan 2008, 09:55
Donor Group
Smitfraud-c.msvps

Guess what?? I went to siteadvisor.com and.. TADAAAAAAAAAA IT'S working.. the site is finally working...gosh I don't know what the problem was but you have fixed it hehe.. thxxx

But I ran Spybot again and Smitfraud is still there :( :(
Copyright ©2006 - 2009 Computer Juice.
