
hijack this please


mrigoni


Logfile of IObit HijackScan v1.0.2.0

Scan saved at 19:10:41, on 2010-9-25

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program

 

Files\NetRatingsNetSight\NetSight\NielsenOnline.ex

 

e

C:\Program

 

Files\NetRatingsNetSight\NetSight\NielsenOnline.ex

 

e

C:\Program Files\IObit\Advanced SystemCare 3

 

\AWC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Siber Systems\AI

 

RoboForm\RoboTaskBarIcon.exe

C:\Program

 

Files\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Documents and

 

Settings\Owner.ANONYMOUS\Application Data\CBS

 

Interactive\CNET TechTracker\TechTracker.exe

C:\Program Files\Gacela\Gacela-Reporting.exe

C:\Program Files\Gacela\Gacela-Updater.exe

C:\Program Files\IObit\IObit Security 360

 

\IS360srv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\Microsoft

 

Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft

 

Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Paint.NET\PaintDotNet.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\Program Files\IObit\IObit Security 360

 

\IS360tray.exe

C:\Program Files\Absolute Poker\mainclient.exe

C:\Program Files\Absolute Poker\aphh.exe

C:\Program Files\GameHouse\Candy\cruncher.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Gacela\Gacela-Process-

 

Connector.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\IObit\IObit Security 360

 

\a_hijackscan.exe

 

O2 - BHO: Gacela - {4BEEA052-726D-4A6E-B65D-

 

A6BD07C263F3} - C:\Program

 

Files\Gacela\Gacela2.dll

O2 - BHO: Unknown - {724d43a9-0d85-11d4-9908-

 

00400523e39a} - C:\Program Files\Siber Systems\AI

 

RoboForm\roboform.dll

O2 - BHO: Windows Live ID Sign-in Helper -

 

{9030D464-4C02-4ABF-8ECC-5164760863C6} -

 

C:\Program Files\Common Files\Microsoft

 

Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-

 

4740-988e-03dc2f38c34f} - C:\Program

 

Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-

 

A1AD-4243D8127440} - C:\Program

 

Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper -

 

{DBC80044-A445-435b-BC74-9C25C1C588A9} -

 

C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl Class -

 

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

 

C:\Program Files\Java\jre6

 

\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6

 

-B9E9-AB4C880C8414} - C:\Program

 

Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-

 

9908-00400523e39a} - C:\Program Files\Siber

 

Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-

 

A1AD-4243D8127440} - C:\Program

 

Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: ShopAtHome Toolbar - {98279C38-

 

DE4B-4bcf-93C9-8EC26069D6F4} -

O3 - Toolbar: Gacela - {5F6E2508-41C4-4D4B-8AC3

 

-D7ED6E4EB2AE} - C:\Program

 

Files\Gacela\Gacela2.dll

O4 -

 

HKCU|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [Advanced SystemCare 3] "C:\Program

 

Files\IObit\Advanced SystemCare 3\AWC.exe"

 

/startup

O4 -

 

HKCU|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [ctfmon.exe] C:\WINDOWS\system32

 

\ctfmon.exe

O4 -

 

HKCU|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [RoboForm] "C:\Program Files\Siber

 

Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 -

 

HKCU|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [installIQUpdater] "C:\Program

 

Files\W3i\InstallIQUpdater\InstallIQUpdater.exe"

 

/silent /autorun

O4 -

 

HKLM|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [NielsenOnline] C:\Program

 

Files\NetRatingsNetSight\NetSight\NielsenOnline.ex

 

e

O4 -

 

HKLM|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [iObit Security 360] "C:\Program

 

Files\IObit\IObit Security 360\IS360tray.exe"

 

/autostart

O4 -

 

HKLM|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [CarboniteSetupLite] "C:\Program

 

Files\Carbonite\CarbonitePreinstaller.exe"

 

/preinstalled /showonfirst /reshowat=1800

O4 -

 

HKLM|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [sunJavaUpdateSched] "C:\Program

 

Files\Common Files\Java\Java Update\jusched.exe"

O4 -

 

HKLM|\Software\Microsoft\Windows\CurrentVersio

 

n\Run\: [ErrorTeck] C:\Program

 

Files\ErrorTeck\ErrorTeck.exe /scan

O9 - Extra button: PokerStars - {3AD14F0C-ED16-

 

4e43-B6D8-661B03F6A1EF} - C:\Program

 

Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: About Gacela - {4BEEA052-726D-

 

4A6E-B65D-A6BD07C263F3} - C:\Program

 

Files\PokerStars\PokerStarsUpdate.exe

O16 - DPF: {02A2D714-433E-46E4-B217-

 

7C3B3FAF8EAE}

 

SCRABBLECUBES.ScrabbleCubesCtrl.1 -

 

http://www.worldwinner.com/games/v47/scrabble

 

cubes/scrabblecubes.cab

O16 - DPF: {18C3FD15-74F6-4280-9C98-

 

3590C966B7B8}SKILLGAM.SkillGamCtrl.1 -

 

http://www.worldwinner.com/games/v47/skillgam

 

/skillgam.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-

 

D57F3421F821}

 

FunGamesLoader.FunGamesLoaderCtrl.1 -

 

http://www.worldwinner.com/games/v47/shared/F

 

unGamesLoader.cab

O16 - DPF: {2C153C75-8476-434B-B3C3-

 

57B63A3D1939}BRICKOUT.BrickoutCtrl.1 -

 

http://www.worldwinner.com/games/v48/brickout

 

/brickout.cab

O16 - DPF: {33E54F7F-561C-49E6-929B-

 

D7E76D3AFEB1}POOL.PoolCtrl.1 -

 

http://www.worldwinner.com/games/v50/pool/poo

 

l.cab

O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-

 

86D6D9B31C0C}MONEYLIST.MoneyListCtrl.1 -

 

http://www.worldwinner.com/games/v45/moneylis

 

t/moneylist.cab

O16 - DPF: {4AB16005-E995-4A60-89DE-

 

8B8A3E6EB5B0}

 

TRIVIALPURSUIT.TrivialPursuitCtrl.1 -

 

http://www.worldwinner.com/games/v56/trivialpur

 

suit/trivialpursuit.cab

O16 - DPF: {50647AB5-18FD-4142-82B0-

 

5852478DD0D5}

 

ConnectorLauncher.ConnectorLauncherCtrl.2 -

 

http://webeffective.keynote.com/applications/pcon

 

nector/download/ConnectorLauncher.cab

O16 - DPF: {555F1BBC-6EC2-474F-84AF-

 

633EF097FF54}WWHEARTS.WWHeartsCtrl.1 -

 

http://www.worldwinner.com/games/v53/wwheart

 

s/wwhearts.cab

O16 - DPF: {58FC4C77-71C2-4972-A8CD-

 

78691AD85158}BJA.BJACtrl.1 -

 

http://www.worldwinner.com/games/v63/bjattack

 

/bja.cab

O16 - DPF: {61900274-3323-4446-BDCD-

 

91548D32AF1B}

 

SPIDERSOLITAIRE.SpiderSolitaireCtrl.1 -

 

http://www.worldwinner.com/games/v56/spidersol

 

itaire/spidersolitaire.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-

 

FD8818C06C2F}BLOCKWERX.BlockwerxCtrl.1 -

 

http://www.worldwinner.com/games/v49/blockwer

 

x/blockwerx.cab

O16 - DPF: {64CD313F-F079-4D93-959F-

 

4D28B5519449}JEOPARDY.JeopardyCtrl.1 -

 

http://www.worldwinner.com/games/v56/jeopardy

 

/jeopardy.cab

O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-

 

792026B2B2A7}FREECELL.FreeCellCtrl.1 -

 

http://www.worldwinner.com/games/v41/freecell/f

 

reecell.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-

 

AFECE305D968}

 

TheFacebook.FacebookPhotoUploader5.5.1 -

 

http://upload.facebook.com/controls/2009.07.28_v

 

5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-

 

F0F22D22B1CB}WWLAUNCH.WwlaunchCtrl.1 -

 

http://www.worldwinner.com/games/shared/wwla

 

unch.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-

 

00805F499D93}Java Plug-in 1.6.0_21 -

 

http://java.sun.com/update/1.6.0/jinstall-

 

1_6_0_21-windows-i586.cab

O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-

 

9765D2565280}IEWWLOAD.IEWWLoadCtrl.1 -

 

http://www.worldwinner.com/games/launcher/ie/v

 

2.22.01.0/iewwload.cab

O16 - DPF: {94299420-321F-4FF9-A247-

 

62A23EBB640B}WORDMOJO.WordMojoCtrl.1 -

 

http://www.worldwinner.com/games/v46/wordmoj

 

o/wordmojo.cab

O16 - DPF: {95A311CD-EC8E-452A-BCEC-

 

B844EB616D03}

 

BEJEWELEDTWIST.BejeweledTwistCtrl.1 -

 

http://www.worldwinner.com/games/v51/bejewele

 

dtwist/bejeweledtwist.cab

O16 - DPF: {97438FE9-D361-4279-BA82-

 

98CC0877A717}CUBIS.CubisCtrl.1 -

 

http://www.worldwinner.com/games/v57/cubis/cu

 

bis.cab

O16 - DPF: {A021A215-6CDC-44B4-8C16-

 

90491CED9605}CLUE.ClueCtrl.1 -

 

http://www.worldwinner.com/games/v68/clue/clue

 

.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-

 

D0BECF5077EB}EPUWalControl.EPUImageControl.1

 

-

 

http://tools.ebayimg.com/eps/wl/activex/eBay_En

 

hanced_Picture_Control_v1-0-31-0.cab

O16 - DPF: {C93C1C34-CEA9-49B1-9046-

 

040F59E0E0D8}PAINT.PaintCtrl.1 -

 

http://www.worldwinner.com/games/v43/paint/pa

 

int.cab

O16 - DPF: {CAFEEFAC-0016-0000-0021-

 

ABCDEFFEDCBA}Java Plug-in 1.6.0_21 -

 

http://java.sun.com/update/1.6.0/jinstall-

 

1_6_0_21-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-

 

ABCDEFFEDCBA}Java Plug-in 1.6.0_21 -

 

http://java.sun.com/update/1.6.0/jinstall-

 

1_6_0_21-windows-i586.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-

 

247DBAF1A147}Windows Live Hotmail Photo Upload

 

Tool -

 

http://gfx1.hotmail.com/mail/w4/pr01/photouploa

 

dcontrol/MSNPUpld.cab

O23 - Service: Client Virtualization Handler (cvhsvc) -

 

Unknown - C:\Program Files\Common

 

Files\Microsoft Shared\Virtualization

 

Handler\CVHSVC.EXE

O23 - Service: Gacela-Reporting-Service (Gacela-

 

Reporting-Service) - Unknown - C:\Program

 

Files\Gacela\Gacela-Reporting.exe

O23 - Service: Gacela-Update-Service (Gacela-

 

Update-Service) - Unknown - C:\Program

 

Files\Gacela\Gacela-Updater.exe

O23 - Service: Google Update Service (gupdate)

 

(gupdate) - Google Inc. - C:\Program

 

Files\Google\Update\GoogleUpdate.exe

O23 - Service: IS360service (IS360service) - IObit -

 

C:\Program Files\IObit\IObit Security 360

 

\IS360srv.exe

O23 - Service: Java Quick Starter

 

(JavaQuickStarterService) - Sun Microsystems, Inc. -

 

C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: My Web Search Service

 

(MyWebSearchService) - Unknown - C:\Program

 

Files\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: Office Source Engine (ose) - Unknown

 

- C:\Program Files\Common Files\Microsoft

 

Shared\Source Engine\OSE.EXE

O23 - Service: Office Software Protection Platform

 

(osppsvc) - Unknown - C:\Program Files\Common

 

Files\Microsoft

 

Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.

 

EXE

O23 - Service: Application Virtualization Client

 

(sftlist) - Unknown - C:\Program Files\Microsoft

 

Application Virtualization Client\sftlist.exe

O23 - Service: Application Virtualization Service

 

Agent (sftvsa) - Unknown - C:\Program

 

Files\Microsoft Application Virtualization

 

Client\sftvsa.exe


Open Notepad, Format, uncheck Word Wrap

We need to create an OTL Report

 

1. Please download OTL

http://oldtimer.geekstogo.com/OTL.exe

 

2. Save it to your desktop.

3. Double click on the icon on your desktop.

4. Click the "Scan All Users" checkbox.

5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.

6. Copy and Paste the following into the textbox.

 

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

winlogon.exe

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

 

7. Push "scan"

8. Two reports will open, copy and paste them in a reply here:

• OTListIt.txt <-- Will be opened

• Extra.txt <-- Will be minimized


Archived

This topic is now archived and is closed to further replies.
