Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojandownloader.xs [RESOLVED]


  • This topic is locked This topic is locked

#1
Indoctrin

Indoctrin

    New Member

  • Member
  • Pip
  • 6 posts
I have taken the steps in the "do this before posting a log" and still I have this rather annoying piece of crap on my computer. So here are the things Im supposed to post:
SUPERAntiSpyware Scan Log
Generated 04/11/2008 at 06:49 AM

Application Version : 3.6.1000

Core Rules Database Version : 3434
Trace Rules Database Version: 1426

Scan type : Complete Scan
Total Scan Time : 09:06:12

Memory items scanned : 839
Memory threats detected : 0
Registry items scanned : 6874
Registry threats detected : 4
File items scanned : 384161
File threats detected : 26

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKU\S-1-5-21-2230527900-3846254474-4097666944-1002\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Adware.Tracking Cookie
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@advertising[2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@mediaplex[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@tradedoubler[2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@adtech[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@socialmedia[2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@tribalfusion[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@casalemedia[2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@atdmt[2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@doubleclick[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@adrevolver[2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@fastclick[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@apmebf[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@serving-sys[1].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Cookies\indoctrin@questionmarket[2].txt
Adware.Casino Games (Golden Palace Casino)
HKU\S-1-5-21-2230527900-3846254474-4097666944-1002\Software\Golden Palace Casino PT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:57, on 11/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\pobetuvy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\AOL9~1.0VR\waol.exe
C:\PROGRA~1\AOL9~1.0VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Indoctrin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [qcyvsqtq] C:\Windows\system32\pobetuvy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9843 bytes

Hopefully this retarded spyware can be dealt with as its annoying the [bleep] outta me, so many thanks in advance to anyone who can help.
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there. The first thing I notice is that you appear to have two antivirus programmes running, Norton and Avast

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine

Please uninstall or disable one of them

As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [qcyvsqtq] C:\Windows\system32\pobetuvy.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

THEN

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\system32\pobetuvy.exe
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


FINALLY FOR NOW

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Logs required : OTMoveit and DSS
  • 0

#3
Indoctrin

Indoctrin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I dont know why norton was running at all as ive never actually told it to do anything but for some reason it wont allow me to disable it so Avast is now disabled. Here are the logs you require:

OTMoveit Log

C:\Windows\system32\pobetuvy.exe moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_065745

Deckard's System Scanner v20071014.68
Run by Indoctrin on 2008-04-12 17:29:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-04-12 07:11:07 UTC - RP395 - Scheduled Checkpoint
1: 2008-04-11 06:31:00 UTC - RP394 - Installed BBC iPlayer Download Manager


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 894 MiB (1024 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-12 17:32:19
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Users\Indoctrin\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T\wlan111t.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlbc_device - Unknown owner - C:\Windows\System32\dlbccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


--
End of file - 10841 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-12 17:31:14 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{B2764A3E-C2C1-4C70-B3B3-63C67D57106A}.job
2008-04-12 17:31:10 348 --a------ C:\Windows\Tasks\Recovery DVD Creator.job


-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-11 07:32:47 0 d-------- C:\Users\All Users\Kontiki
2008-04-11 07:32:47 0 d-------- C:\Program Files\Kontiki
2008-04-11 07:32:18 0 d-------- C:\logs3
2008-04-11 07:08:51 0 d-------- C:\Program Files\Panda Security
2008-04-09 19:30:16 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-09 19:27:39 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-09 19:08:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 08:38:00 0 d-a------ C:\Users\All Users\TEMP
2008-04-09 07:47:52 5212 --a------ C:\Windows\system32\tmp.reg
2008-04-09 07:47:26 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-04-09 07:47:26 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-09 07:47:26 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-09 07:47:26 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-09 07:47:26 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-09 07:47:26 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-09 07:47:26 51200 --a------ C:\Windows\system32\dumphive.exe
2008-04-08 07:33:11 0 d-------- C:\Users\All Users\Grisoft
2008-04-08 06:48:08 227840 --a------ C:\Windows\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2008-04-08 06:48:06 0 d-------- C:\Program Files\onOne Software
2008-04-08 06:27:00 0 d-------- C:\Users\All Users\Adobe Systems
2008-04-07 23:32:51 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-07 22:31:34 188416 --a------ C:\Windows\qdnkewfa.dll
2008-04-07 22:30:49 4096 --a------ C:\Windows\userconfig9x.dll
2008-04-07 22:30:49 4096 --a------ C:\Windows\system32winlogonpc.exe
2008-04-07 22:30:49 4096 --a------ C:\Windows\system32hoproxy.dll
2008-04-07 22:30:49 4096 --a------ C:\Windows\FVProtect.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32taack.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32taack.dat
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32sncntr.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32psoft1.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32mwin32.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32hxiwlgpm.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\system32hxiwlgpm.dat
2008-04-07 22:30:47 4096 --a------ C:\Windows\iTunesMusic.exe
2008-04-07 22:30:47 4096 --a------ C:\Windows\a.bat
2008-04-07 22:30:47 0 d-------- C:\Users\Indoctrin\Desktopvirii
2008-04-07 22:30:46 4096 --a------ C:\Windows\system32ssurf022.dll
2008-04-07 22:30:46 4096 --a------ C:\Windows\system32psof1.exe
2008-04-07 22:30:46 4096 --a------ C:\Windows\system32ps1.exe
2008-04-07 22:30:46 4096 --a------ C:\Windows\system32msnbho.dll
2008-04-07 22:30:46 4096 --a------ C:\Windows\system32medup020.dll
2008-04-07 22:30:46 4096 --a------ C:\Windows\system32bsva-egihsg52.exe
2008-04-07 22:30:45 0 d-------- C:\Windows\system32smp
2008-04-07 22:30:45 4096 --a------ C:\Windows\system32netode.exe
2008-04-07 22:30:45 4096 --a------ C:\Windows\system32mtr2.exe
2008-04-07 22:30:45 4096 --a------ C:\Windows\system32msgp.exe
2008-04-07 22:30:45 4096 --a------ C:\Windows\system32medup012.dll
2008-04-07 22:30:35 4096 --a------ C:\Windows\system32temp#01.exe
2008-04-07 22:30:35 0 d-------- C:\Program Files\Inet Delivery
2008-04-07 22:30:33 4096 --a------ C:\Windows\system32h@tkeysh@@k.dll
2008-04-07 22:30:29 4096 --a------ C:\Windows\system32ssvchost.exe
2008-04-07 22:30:29 4096 --a------ C:\Windows\system32ssvchost.com
2008-04-07 22:30:29 4096 --a------ C:\Windows\system32regm64.dll
2008-04-07 22:30:29 4096 --a------ C:\Windows\system32regc64.dll
2008-04-07 22:30:29 4096 --a------ C:\Windows\system32msvchost.exe
2008-04-07 22:30:29 4096 --a------ C:\Windows\system32dpcproxy.exe
2008-04-07 22:30:27 4096 --a------ C:\Windows\system32thun32.dll
2008-04-07 22:30:27 4096 --a------ C:\Windows\system32thun.dll
2008-04-07 22:30:26 4096 --a------ C:\Windows\system32Rundl1.exe
2008-04-07 22:30:21 4096 --a------ C:\Windows\system32winsystem.exe
2008-04-07 22:30:21 4096 --a------ C:\Windows\system32vcatchpi.dll
2008-04-07 22:30:21 4096 --a------ C:\Windows\system32newsd32.exe
2008-04-07 22:30:21 4096 --a------ C:\Windows\system32emesx.dll
2008-04-07 22:30:21 4096 --a------ C:\Windows\system32anticipator.dll
2008-04-07 22:30:21 4096 --a------ C:\Windows\system32akttzn.exe
2008-04-07 22:30:21 4096 --a------ C:\Windows\mssecu.exe
2008-04-07 22:30:21 4096 --a------ C:\Windows\bdn.com
2008-04-07 22:30:19 4096 --a------ C:\Windows\system32mssecu.exe
2008-04-07 22:30:19 4096 --a------ C:\Windows\system32bdn.com
2008-04-07 22:30:18 4096 --a------ C:\Windows\system32WINWGPX.EXE
2008-04-07 22:30:18 4096 --a------ C:\Windows\system32sysreq.exe
2008-04-07 22:30:14 4096 --a------ C:\Windows\system32awtoolb.dll
2008-04-07 22:30:14 0 d-------- C:\Windows\mslagent
2008-04-07 22:30:13 4096 --a------ C:\Windows\system32vbsys2.dll
2008-04-07 22:29:48 0 d-------- C:\Users\All Users\zotytkpm
2008-04-02 06:29:21 0 d-------- C:\Windows\system32\Adobe
2008-03-24 16:40:24 0 d-------- C:\Users\Indoctrin\{d785cb61-4214-4be8-ac55-d938e9fd6c3c}
2008-03-24 16:33:37 0 d-------- C:\dell
2008-03-18 17:04:54 0 d--h----- C:\Users\All Users\{BC173CC7-3433-419A-9DBA-27B24C969187}
2008-03-18 17:04:35 0 d-------- C:\Program Files\SafeIT Security
2008-03-18 17:04:35 0 d-------- C:\Program Files\Common Files\SafeIT Security


-- Find3M Report ---------------------------------------------------------------

2008-04-12 17:32:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 17:23:29 0 d-------- C:\Program Files\Norton Internet Security
2008-04-12 17:18:53 0 d-------- C:\Program Files\Symantec
2008-04-12 06:37:51 0 d-------- C:\Program Files\Common Files
2008-04-09 19:27:39 0 d-------- C:\Users\Indoctrin\AppData\Roaming\SUPERAntiSpyware.com
2008-04-09 07:56:54 35 --a------ C:\Users\Indoctrin\AppData\Roaming\SetValue.bat
2008-04-09 07:56:54 691 --a------ C:\Users\Indoctrin\AppData\Roaming\GetValue.vbs
2008-04-08 07:33:56 0 d-------- C:\Users\Indoctrin\AppData\Roaming\Grisoft
2008-04-08 06:57:39 0 d-------- C:\Users\Indoctrin\AppData\Roaming\onOne Software
2008-04-08 06:48:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 06:28:14 0 d-------- C:\Users\Indoctrin\AppData\Roaming\Adobe
2008-04-07 23:35:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-06 21:06:00 0 d-------- C:\Users\Indoctrin\AppData\Roaming\gtk-2.0
2008-04-03 18:39:50 0 d-------- C:\Program Files\Java
2008-03-19 03:22:40 0 d-------- C:\Users\Indoctrin\AppData\Roaming\SafeIT Security
2008-03-01 08:46:44 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-29 14:50:33 0 d-------- C:\Program Files\Windows Live
2008-02-29 14:46:14 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 09:09:32 0 d-------- C:\Program Files\Alwil Software
2008-02-27 23:32:26 0 d-------- C:\Program Files\iTunes
2008-02-27 23:32:15 0 d-------- C:\Program Files\iPod
2008-02-27 23:30:24 0 d-------- C:\Program Files\QuickTime
2008-02-19 21:43:44 0 d-------- C:\Users\Indoctrin\AppData\Roaming\Real
2008-01-22 17:59:16 43520 --a------ C:\Windows\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [02/11/2006 13:34]
"RtHDVCpl"="RtHDVCpl.exe" [01/11/2006 09:37 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/11/2006 07:45]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [11/07/2006 18:12]
"HostManager"="C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe" [14/11/2006 15:01]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [20/11/2006 22:08]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [25/08/2006 12:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [24/10/2006 22:08]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [27/10/2006 00:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [26/09/2007 20:22]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [13/06/2007 08:16]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/02/2008 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [23/10/2006 15:49]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]

C:\Users\Indoctrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 19:16:50]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 09:15:54]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [11/03/2007 22:30:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-12 17:37:00 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2060 @ 1.60GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 893.56 MiB / 278.44 MiB
Pagefile Memory (total/avail): 2042.91 MiB / 1108.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.41 MiB

C: is Fixed (NTFS) - 66.52 GiB total, 12.29 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST980811AS ATA Device - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 8.01 GiB
\PARTITION1 (bootable) - Installable File System - 66.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: avast! antivirus 4.8.1169 [VPS 080412-0] v4.8.1169 (ALWIL Software) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation) Outdated
AS: avast! antivirus 4.8.1169 [VPS 080412-0] v4.8.1169 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Indoctrin\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=INDOCTRINATION
ComSpec=C:\Windows\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Indoctrin
LOCALAPPDATA=C:\Users\Indoctrin\AppData\Local
LOGONSERVER=\\INDOCTRINATION
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\INDOCT~1\AppData\Local\Temp
TMP=C:\Users\INDOCT~1\AppData\Local\Temp
USERDOMAIN=Indoctrination
USERNAME=Indoctrin
USERPROFILE=C:\Users\Indoctrin
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Indoctrin


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Acoustica Beatcraft --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL 9.5 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AOL*
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Catalyst Control Center Ex --> MsiExec.exe /I{FD16AF46-C8A6-4409-5F0A-66390ECB8ED7}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
British Telecom --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *BT_GB*
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Creator 9 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
Flash Player plugins 9 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
FM Modifier 2.21 --> MsiExec.exe /X{4E98357D-C2CB-4B3C-909A-8D7A40E4F575}
FM Modifier 2.24 --> MsiExec.exe /I{AE86AE81-CD7F-496F-A39F-0210C985E71B}
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Football Manager 2008 Gold Demo --> "C:\Program Files\Sports Interactive\Football Manager 2008 Gold Demo\Uninstall_Football Manager 2008 Gold Demo\Uninstall Football Manager 2008 Gold Demo.exe"
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9 -uninst -removeonly
GIMP 2.4.2 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ 2.10.11 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HDReg --> MsiExec.exe /I{AB7032FF-AFED-4C58-AA5C-8473B273793A}
Infocentre Rev. 2.0 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Internet from BT --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5187CE38-4730-404E-8700-3841F19A058C}\Setup.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jetcast 1.1.1 --> C:\Program Files\Jetcast\uninst.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Locomotion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77F45E76-E897-42CA-A9FE-5F56817D875C}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office 2000 SR-1 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
NIS2007 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NIS2007_GB*
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OpenTTD 0.5.2 --> C:\Program Files\OpenTTD\uninstall.exe
Packard Bell - Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Packard Bell Updator --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Creator 9 LE --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
SafeIT Digital Security Suite --> "C:\ProgramData\{BC173CC7-3433-419A-9DBA-27B24C969187}\SafeITSecuritySuite.exe" REMOVE=TRUE MODIFY=FALSE
SafeIT Digital Security Suite --> C:\ProgramData\{BC173CC7-3433-419A-9DBA-27B24C969187}\SafeITSecuritySuite.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SetUp My PC --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_GB*
Skype 2.5.2.151 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Transport Tycoon Deluxe --> C:\Windows\UniFISH.exe Transport Tycoon Deluxe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type60668 / Error
Event Submitted/Written: 04/12/2008 05:28:27 PM
Event ID/Source: 11 / Microsoft-Windows-CAPI2
Event Description:
http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type60660 / Error
Event Submitted/Written: 04/12/2008 05:26:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application epmworker.exe, version 1.2.0.1236, time stamp 0x4694e1d2, faulting module epmworker.exe, version 1.2.0.1236, time stamp 0x4694e1d2, exception code 0xc0000005, fault offset 0x00026f6a,
process id 0xfe4, application start time 0xepmworker.exe0.

Event Record #/Type60655 / Success
Event Submitted/Written: 04/12/2008 05:24:49 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type60654 / Success
Event Submitted/Written: 04/12/2008 05:24:45 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type60648 / Success
Event Submitted/Written: 04/12/2008 05:23:55 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type130013 / Warning
Event Submitted/Written: 04/12/2008 05:34:08 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Indoctrination27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Indoctrination27 can't undo changes that you allow.

For more information please see the following:
%Indoctrination275

Scan ID: {C315869F-3ED7-4B51-B9F4-2C056931F630}

User: Indoctrination\Indoctrin

Name: %Indoctrination271

ID: %Indoctrination272

Severity ID: %Indoctrination273

Category ID: %Indoctrination274

Path Found: %Indoctrination276

Alert Type: %Indoctrination278

Detection Type: 1.1.1505.02

Event Record #/Type130012 / Warning
Event Submitted/Written: 04/12/2008 05:34:05 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Indoctrination27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Indoctrination27 can't undo changes that you allow.

For more information please see the following:
%Indoctrination275

Scan ID: {9AA4DC41-DF2A-40C8-A6CC-BF031049DF5C}

User: Indoctrination\Indoctrin

Name: %Indoctrination271

ID: %Indoctrination272

Severity ID: %Indoctrination273

Category ID: %Indoctrination274

Path Found: %Indoctrination276

Alert Type: %Indoctrination278

Detection Type: 1.1.1505.02

Event Record #/Type130011 / Warning
Event Submitted/Written: 04/12/2008 05:34:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Indoctrination27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Indoctrination27 can't undo changes that you allow.

For more information please see the following:
%Indoctrination275

Scan ID: {19734E8A-F15C-4C55-B2EC-8CA88A0A366E}

User: Indoctrination\Indoctrin

Name: %Indoctrination271

ID: %Indoctrination272

Severity ID: %Indoctrination273

Category ID: %Indoctrination274

Path Found: %Indoctrination276

Alert Type: %Indoctrination278

Detection Type: 1.1.1505.02

Event Record #/Type130010 / Warning
Event Submitted/Written: 04/12/2008 05:34:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Indoctrination27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Indoctrination27 can't undo changes that you allow.

For more information please see the following:
%Indoctrination275

Scan ID: {CF9D3BBA-0983-448A-8A07-C2244F9C6929}

User: Indoctrination\Indoctrin

Name: %Indoctrination271

ID: %Indoctrination272

Severity ID: %Indoctrination273

Category ID: %Indoctrination274

Path Found: %Indoctrination276

Alert Type: %Indoctrination278

Detection Type: 1.1.1505.02

Event Record #/Type130009 / Warning
Event Submitted/Written: 04/12/2008 05:34:02 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Indoctrination27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Indoctrination27 can't undo changes that you allow.

For more information please see the following:
%Indoctrination275

Scan ID: {BCFF2A33-F8BD-46AD-82B0-D9CD660E6C28}

User: Indoctrination\Indoctrin

Name: %Indoctrination271

ID: %Indoctrination272

Severity ID: %Indoctrination273

Category ID: %Indoctrination274

Path Found: %Indoctrination276

Alert Type: %Indoctrination278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-12 17:37:00 ------------
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK here we go - this is going to be busy so I would recommend copying this post to a text file for reference

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


Firstly we will remove Norton as it is outdated. Disconnect from the internet whilst you are doing this

Download this removal programme to your desktop and leave it for now http://service1.syma...005033108162039

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center


Please note any other programs that you dont recognize in that list in your next response
After your system has rebooted then run the Norton removal tool, reboot and then reactivate Avast

NEXT

  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\qdnkewfa.dll
    C:\Windows\userconfig9x.dll
    C:\Windows\system32winlogonpc.exe
    C:\Windows\system32hoproxy.dll
    C:\Windows\system32taack.exe
    C:\Windows\system32taack.dat
    C:\Windows\system32sncntr.exe
    C:\Windows\system32psoft1.exe
    C:\Windows\system32mwin32.exe
    C:\Windows\system32hxiwlgpm.exe
    C:\Windows\system32hxiwlgpm.dat
    C:\Windows\a.bat
    C:\Users\Indoctrin\Desktopvirii
    C:\Windows\system32ssurf022.dll
    C:\Windows\system32psof1.exe
    C:\Windows\system32ps1.exe
    C:\Windows\system32msnbho.dll
    C:\Windows\system32medup020.dll
    C:\Windows\system32bsva-egihsg52.exe
    C:\Windows\system32smp
    C:\Windows\system32netode.exe
    C:\Windows\system32mtr2.exe
    C:\Windows\system32msgp.exe
    C:\Windows\system32medup012.dll
    C:\Windows\system32temp#01.exe
    C:\Program Files\Inet Delivery
    C:\Windows\system32h@tkeysh@@k.dll
    C:\Windows\system32ssvchost.exe
    C:\Windows\system32ssvchost.com
    C:\Windows\system32regm64.dll
    C:\Windows\system32regc64.dll
    C:\Windows\system32msvchost.exe
    C:\Windows\system32dpcproxy.exe
    C:\Windows\system32thun32.dll
    C:\Windows\system32thun.dll
    C:\Windows\system32Rundl1.exe
    C:\Windows\system32winsystem.exe
    C:\Windows\system32vcatchpi.dll
    C:\Windows\system32newsd32.exe
    C:\Windows\system32emesx.dll
    C:\Windows\system32anticipator.dll
    C:\Windows\system32akttzn.exe
    C:\Windows\mssecu.exe
    C:\Windows\bdn.com
    C:\Windows\system32mssecu.exe
    C:\Windows\system32bdn.com
    C:\Windows\system32WINWGPX.EXE
    C:\Windows\system32sysreq.exe
    C:\Windows\system32awtoolb.dll
    C:\Windows\mslagent
    C:\Windows\system32vbsys2.dll
    C:\Users\All Users\zotytkpm
    C:\Users\All Users\{BC173CC7-3433-419A-9DBA-27B24C969187}
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

CONTINUING

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

FINALLY FOR NOW

Please Download Avast Rootkit Cleaner to your desktop

Close all running programmes

Run the ASWAR file and select Scan Now



On completion of the scan you will then have this screen up



Now close the programme and on the desktop will be a text file called ASWAR please post that. Do not fix anything yet

The programme will take from 3 to 5 minutes to run.

Please post the ASWAR text file

Logs Required : OTMoveit, Report.txt and ASWAR
  • 0

#5
Indoctrin

Indoctrin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I went into safe mode and attempted to use SDfix, via the RunThis.bat but it would not work properly.

I got a small dos window pop up and dissappear within milliseconds. I was given no options and nothing else happened after I left it for ten minutes following the double click. I tried a second time by running as administrator and nothing happened again.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you continue with the ASWAR programme and I will use another route instead of SDFix :)
  • 0

#7
Indoctrin

Indoctrin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
MoveIt log

File/Folder C:\Windows\qdnkewfa.dll not found.
LoadLibrary failed for C:\Windows\userconfig9x.dll
C:\Windows\userconfig9x.dll NOT unregistered.
C:\Windows\userconfig9x.dll moved successfully.
C:\Windows\system32winlogonpc.exe moved successfully.
LoadLibrary failed for C:\Windows\system32hoproxy.dll
C:\Windows\system32hoproxy.dll NOT unregistered.
C:\Windows\system32hoproxy.dll moved successfully.
C:\Windows\system32taack.exe moved successfully.
C:\Windows\system32taack.dat moved successfully.
C:\Windows\system32sncntr.exe moved successfully.
C:\Windows\system32psoft1.exe moved successfully.
C:\Windows\system32mwin32.exe moved successfully.
C:\Windows\system32hxiwlgpm.exe moved successfully.
C:\Windows\system32hxiwlgpm.dat moved successfully.
C:\Windows\a.bat moved successfully.
C:\Users\Indoctrin\Desktopvirii moved successfully.
LoadLibrary failed for C:\Windows\system32ssurf022.dll
C:\Windows\system32ssurf022.dll NOT unregistered.
C:\Windows\system32ssurf022.dll moved successfully.
C:\Windows\system32psof1.exe moved successfully.
C:\Windows\system32ps1.exe moved successfully.
LoadLibrary failed for C:\Windows\system32msnbho.dll
C:\Windows\system32msnbho.dll NOT unregistered.
C:\Windows\system32msnbho.dll moved successfully.
LoadLibrary failed for C:\Windows\system32medup020.dll
C:\Windows\system32medup020.dll NOT unregistered.
C:\Windows\system32medup020.dll moved successfully.
C:\Windows\system32bsva-egihsg52.exe moved successfully.
C:\Windows\system32smp moved successfully.
C:\Windows\system32netode.exe moved successfully.
C:\Windows\system32mtr2.exe moved successfully.
C:\Windows\system32msgp.exe moved successfully.
LoadLibrary failed for C:\Windows\system32medup012.dll
C:\Windows\system32medup012.dll NOT unregistered.
C:\Windows\system32medup012.dll moved successfully.
C:\Windows\system32temp#01.exe moved successfully.
C:\Program Files\Inet Delivery moved successfully.
< C:\Windows\system32h@tkeysh@@k.dll >
LoadLibrary failed for C:\Windows\system32h@tkeysh@@k.dll
C:\Windows\system32h@tkeysh@@k.dll NOT unregistered.
C:\Windows\system32h@tkeysh@@k.dll moved successfully.
C:\Windows\system32ssvchost.exe moved successfully.
C:\Windows\system32ssvchost.com moved successfully.
LoadLibrary failed for C:\Windows\system32regm64.dll
C:\Windows\system32regm64.dll NOT unregistered.
C:\Windows\system32regm64.dll moved successfully.
LoadLibrary failed for C:\Windows\system32regc64.dll
C:\Windows\system32regc64.dll NOT unregistered.
C:\Windows\system32regc64.dll moved successfully.
C:\Windows\system32msvchost.exe moved successfully.
C:\Windows\system32dpcproxy.exe moved successfully.
LoadLibrary failed for C:\Windows\system32thun32.dll
C:\Windows\system32thun32.dll NOT unregistered.
C:\Windows\system32thun32.dll moved successfully.
LoadLibrary failed for C:\Windows\system32thun.dll
C:\Windows\system32thun.dll NOT unregistered.
C:\Windows\system32thun.dll moved successfully.
C:\Windows\system32Rundl1.exe moved successfully.
C:\Windows\system32winsystem.exe moved successfully.
LoadLibrary failed for C:\Windows\system32vcatchpi.dll
C:\Windows\system32vcatchpi.dll NOT unregistered.
C:\Windows\system32vcatchpi.dll moved successfully.
C:\Windows\system32newsd32.exe moved successfully.
LoadLibrary failed for C:\Windows\system32emesx.dll
C:\Windows\system32emesx.dll NOT unregistered.
C:\Windows\system32emesx.dll moved successfully.
LoadLibrary failed for C:\Windows\system32anticipator.dll
C:\Windows\system32anticipator.dll NOT unregistered.
C:\Windows\system32anticipator.dll moved successfully.
C:\Windows\system32akttzn.exe moved successfully.
C:\Windows\mssecu.exe moved successfully.
C:\Windows\bdn.com moved successfully.
C:\Windows\system32mssecu.exe moved successfully.
C:\Windows\system32bdn.com moved successfully.
C:\Windows\system32WINWGPX.EXE moved successfully.
C:\Windows\system32sysreq.exe moved successfully.
LoadLibrary failed for C:\Windows\system32awtoolb.dll
C:\Windows\system32awtoolb.dll NOT unregistered.
C:\Windows\system32awtoolb.dll moved successfully.
C:\Windows\mslagent moved successfully.
LoadLibrary failed for C:\Windows\system32vbsys2.dll
C:\Windows\system32vbsys2.dll NOT unregistered.
C:\Windows\system32vbsys2.dll moved successfully.
C:\Users\All Users\zotytkpm moved successfully.
C:\Users\All Users\{BC173CC7-3433-419A-9DBA-27B24C969187} moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_195142

avast! Antirootkit, version 0.9.6
Scan started: 12 April 2008 23:12:08


Scan finished: 12 April 2008 23:22:17
Hidden files found: 0
Hidden registry items found: 0
Hidden processes found: 0
Hidden services found: 0
Hidden boot sectors found: 0


----------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:16, on 12/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Indoctrin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7732 bytes
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Excellent :) Your log now seems a lot better so I will now do a deep search for the hidden items

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Under Additional Scans check the following:
    • Reg - Desktop Components
    • Reg - Shell Spawning
    • File - Additional Folder Scans
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#9
Indoctrin

Indoctrin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All done with that scan, and it did it a lot faster than I expected. Log attached!

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Even betterer ( :) )

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ~EmptyValue -> []
[Registry - Additional Scans - Non-Microsoft Only]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
YN -> regfile [merge] -> Reg Error: Key does not exist or could not be opened.
[Files/Folders - Created Within 90 days]
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
NY -> GetValue.vbs -> %AppData%\GetValue.vbs
[Files/Folders - Modified Within 90 days]
NY -> system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

NOW A FINAL REGISTRY SWEEP

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Logs required : MBAM and a new Hijackthis Plus how is your computer running now
  • 0

#11
Indoctrin

Indoctrin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
My computer seems to be running faster now, especially on startup. Not had any stupid popups regarding buying retarded "anti-spyware" products, though I did have a random popup regarding "protection soon expiring" but Avast needed to be renewed so I assume that was what it was telling me. All in all it seems to be all good!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:59, on 13/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1162935776\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Users\Indoctrin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162935776\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7732 bytes

Malwarebytes' Anti-Malware 1.11
Database version: 622

Scan type: Quick Scan
Objects scanned: 30216
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Web\def.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Attached Files


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Double click OTScanit once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTScanit wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself. Malwarebytes can be removed via control panel


Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP